
Saturday, June 29, 2019

OCSP - FNMT Testing

FNMT

Certificate Authority: https://www.sede.fnmt.gob.es/descargas/certificados-raiz-de-la-fnmt

In this case I just need the following CA: Certificados AC Raíz de la FNMT
  • AC Raíz FNMT-RCM
    • AC FNMT Usuarios
    • AC Representación
    • AC Administración Pública
    • AC Componentes Informáticos

OCSP service

There are three OCSP services (not for Componentes Informáticos):

Service Testing



Install openssl:
# yum install libtool perl-core zlib-devel

Params:
  • ocsp
  • issuer: the CA certificate, in PEM format, that issued the certificate under test
  • serial: the serial number of the certificate under test
  • CAfile: the issuer's CA in PEM format (the CA of the CA of the certificate :))
  • url: the OCSP URL

# openssl ocsp -issuer AC_FNMT_Usuarios.pem -serial 0x1b38186910f9667c5821ca627f360420 -url http://ocspusu.cert.fnmt.es/ocspusu/OcspResponder -CAfile AC_Raiz_FNMT-RCM_SHA256.pem
Response verify OK
0x1b38186910f9667c5821ca627f360420: revoked
        This Update: Jun 29 11:15:50 2019 GMT
        Next Update: Jun 29 12:15:50 2019 GMT
        Reason: cessationOfOperation
        Revocation Time: Nov  8 12:53:48 2016 GMT

# openssl ocsp -issuer AC_Administracion_Publica_SHA256.pem -serial 0x433d6899af0072375829d42560d7e733 -url http://ocspap.cert.fnmt.es/ocspap/OcspResponder  -CAfile AC_Raiz_FNMT-RCM_SHA256.pem
Response verify OK
0x433d6899af0072375829d42560d7e733: good
        This Update: Jun 29 11:21:23 2019 GMT
        Next Update: Jun 29 12:21:23 2019 GMT
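
The verdict in the runs above has to be read out of the printed text. As an added example (not part of the original post), the function below parses `openssl ocsp` output and fails closed: only a verified `good` answer for the requested serial returns 0. The function names, the sample helpers and the exit codes are this example's own choices.

```sh
#!/bin/sh
# Added example, not from the original post. Function names and exit
# codes (0 good, 1 revoked, 2 anything else) are this example's own.
# Intended use, capturing both output streams:
#   openssl ocsp -issuer ... -serial "$s" -url ... -CAfile ... 2>&1 | ocsp_verdict "$s"
ocsp_verdict() {
    serial=$1
    out=$(cat)
    # 1. The response signature must have verified against -CAfile.
    if ! printf '%s\n' "$out" | grep -qx 'Response verify OK'; then
        echo "unverified"; return 2
    fi
    # 2. Find the "<serial>: <status>" line for the serial we asked about.
    status=$(printf '%s\n' "$out" |
        awk -F': ' -v s="$serial" 'tolower($1) == tolower(s) { print $2; exit }')
    case $status in
        good) echo "good"; return 0 ;;
        revoked)
            reason=$(printf '%s\n' "$out" | sed -n 's/^[[:space:]]*Reason: //p' | head -n 1)
            when=$(printf '%s\n' "$out" | sed -n 's/^[[:space:]]*Revocation Time: //p' | head -n 1)
            echo "revoked reason=${reason:-unspecified} time=${when:-unknown}"
            return 1 ;;
        *) echo "no usable status for $serial"; return 2 ;;
    esac
}

# Output copied from the two runs shown in the post.
sample_revoked() { cat <<'EOF'
Response verify OK
0x1b38186910f9667c5821ca627f360420: revoked
        This Update: Jun 29 11:15:50 2019 GMT
        Next Update: Jun 29 12:15:50 2019 GMT
        Reason: cessationOfOperation
        Revocation Time: Nov  8 12:53:48 2016 GMT
EOF
}
sample_good() { cat <<'EOF'
Response verify OK
0x433d6899af0072375829d42560d7e733: good
        This Update: Jun 29 11:21:23 2019 GMT
        Next Update: Jun 29 12:21:23 2019 GMT
EOF
}
# Constructed: the "good" answer with the verification line missing.
sample_unverified() { sample_good | grep -v '^Response verify OK$'; }

sample_revoked | ocsp_verdict 0x1b38186910f9667c5821ca627f360420 || true
sample_good | ocsp_verdict 0x433d6899af0072375829d42560d7e733
```

A status line for a different serial than the one requested is treated the same as no answer at all.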


Note: Here you can check the OCSP service status of Camerfirma: https://www.camerfirma.com/ayuda/servicios/
