Source code

Revision control

Copy as Markdown

Other Tools

# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
scenario OCSPD
#root CA
entity OCSPRoot
type Root
export_key
#CA - OK
entity OCSPCA1
type Intermediate
issuer OCSPRoot
serial 1
ocsp online
export_key
#CA - revoked
entity OCSPCA2
type Intermediate
issuer OCSPRoot
serial 2
ocsp online
export_key
#CA - unknown status
entity OCSPCA3
type Intermediate
issuer OCSPRoot
serial 3
ocsp offline
export_key
#EE - OK
entity OCSPEE11
type EE
issuer OCSPCA1
serial 1
ocsp online
#EE - revoked on OCSP
entity OCSPEE12
type EE
issuer OCSPCA1
serial 2
ocsp online
#EE - revoked on CRL
entity OCSPEE13
type EE
issuer OCSPCA1
serial 3
ocsp online
#EE - revoked on OCSP and CRL
entity OCSPEE14
type EE
issuer OCSPCA1
serial 4
ocsp online
#EE - unknown status
entity OCSPEE15
type EE
issuer OCSPCA1
serial 5
ocsp offline
#EE - valid EE, revoked CA
entity OCSPEE21
type EE
issuer OCSPCA2
serial 1
ocsp online
#EE - revoked EE, revoked CA
entity OCSPEE22
type EE
issuer OCSPCA2
serial 2
ocsp online
#EE - revoked EE, CA pointing to invalid OCSP
entity OCSPEE23
type EE
issuer OCSPCA2
serial 3
ocsp offline
#EE - valid EE, CA pointing to invalid OCSP
entity OCSPEE31
type EE
issuer OCSPCA3
serial 1
ocsp online
#EE - revoked EE, CA pointing to invalid OCSP
entity OCSPEE32
type EE
issuer OCSPCA3
serial 2
ocsp online
#EE - EE pointing to invalid OCSP, CA pointing to invalid OCSP
entity OCSPEE33
type EE
issuer OCSPCA3
serial 3
ocsp offline
crl OCSPRoot
revoke OCSPRoot
serial 2
crl OCSPCA1
revoke OCSPCA1
serial 2
revoke OCSPCA1
serial 4
crl OCSPCA2
revoke OCSPCA2
serial 2
revoke OCSPCA2
serial 3
crl OCSPCA3
revoke OCSPCA3
serial 2
revoke OCSPCA3
serial 3
# Used for running a single OCSP server (httpserv) instance that can
# handle multiple CAs, e.g.:
# httpserv -p 8641 -d . -f dbpasswd \
# -A OCSPRoot -C OCSPRoot.crl -A OCSPCA1 -C OCSPCA1.crl \
# -A OCSPCA2 -C OCSPCA2.crl -A OCSPCA3 -C OCSPCA3.crl
db Server
import OCSPRoot::CT,C,C
import_key OCSPRoot
import_key OCSPCA1
import_key OCSPCA2
import_key OCSPCA3
# A DB containing all certs, but no keys.
# Useful for manual OCSP client testing, e.g.:
# ocspclnt -d . -S OCSPEE12OCSPCA1 -u s
db Client
import OCSPRoot::CT,C,C
import OCSPCA1OCSPRoot::
import OCSPCA2OCSPRoot::
import OCSPCA3OCSPRoot::
import OCSPEE11OCSPCA1::
import OCSPEE12OCSPCA1::
import OCSPEE13OCSPCA1::
import OCSPEE14OCSPCA1::
import OCSPEE15OCSPCA1::
import OCSPEE21OCSPCA2::
import OCSPEE22OCSPCA2::
import OCSPEE23OCSPCA2::
import OCSPEE31OCSPCA3::
import OCSPEE32OCSPCA3::
import OCSPEE33OCSPCA3::