FNMT
Certificate Autority: https://www.sede.fnmt.gob.es/descargas/certificados-raiz-de-la-fnmtIn this case I just need the following CA: Certificados AC Raíz de la FNMT
- AC Raíz FNMT-RCM
- AC FNMT Usuarios
- AC Representación
- AC Administración Pública
- AC Componentes Informáticos
OCSP service
There are three OCSP services (not for Componentes Informáticos):- AC Usuarios: http://ocspusu.cert.fnmt.es/ocspusu/OcspResponder
- AC Representación: http://ocsprep.cert.fnmt.es/ocsprep/OcspResponder
- AC Administración Pública: http://ocspap.cert.fnmt.es/ocspap/OcspResponder
- AC Componentes Informáticos: http://ocspcomp.cert.fnmt.es/ocsp/OcspResponder
Service Testing
Test certificate kit from Junta de Andalucía: https://ws024.juntadeandalucia.es/ae/newsletter/actualizaciondelkitdecertificadosdepruebaalaversion912
Install openssl:
# yum install libtool perl-core zlib-devel
Params:
- ocsp
- issuer. Testing certificate's CA in PEM format
- seriel. Testing certificate's serial number
- CAfile: issuer's CA in PEM format (the CA of the CA of the certificate :))
- url: OSCP url
# openssl ocsp -issuer AC_FNMT_Usuarios.pem -serial 0x1b38186910f9667c5821ca627f360420 -url http://ocspusu.cert.fnmt.es/ocspusu/OcspResponder -CAfile AC_Raiz_FNMT-RCM_SHA256.pem
Response verify OK
0x1b38186910f9667c5821ca627f360420: revoked
This Update: Jun 29 11:15:50 2019 GMT
Next Update: Jun 29 12:15:50 2019 GMT
Reason: cessationOfOperation
Revocation Time: Nov 8 12:53:48 2016 GMT
# openssl ocsp -issuer AC_Administracion_Publica_SHA256.pem -serial 0x433d6899af0072375829d42560d7e733 -url http://ocspap.cert.fnmt.es/ocspap/OcspResponder -CAfile AC_Raiz_FNMT-RCM_SHA256.pem
Response verify OK
0x433d6899af0072375829d42560d7e733: good
This Update: Jun 29 11:21:23 2019 GMT
Next Update: Jun 29 12:21:23 2019 GMT
Note: Here you can check OCSP service status of Camerfirma: https://www.camerfirma.com/ayuda/servicios/
