Sophie

Sophie

distrib > Mandriva > 2010.0 > i586 > media > contrib-release > by-pkgid > aa830b28c47ddef58d5fd165b3842831 > files > 24

openca-ocspd-1.5.1-0.rc1.5mdv2010.0.i586.rpm

=============================================================================
                       OpenCA's OCSP Responder
         (c) 2001-2006 by Massimiliano Pala and OpenCA Group
                       OpenCA Licesed Software
=============================================================================

1. General Description
======================

The OCSP (OnLine Certificate Status Protocol) is becoming ever more supported
by current clients as it provides an easy way to get a reliable and fast on-
Line verification of the required certificate(s) status.

The provided responder is capable of answering to complex OCSP requests, an
example of a configuration file and a way to start and make request to the
responded can be found into the etc/ directory.

To get a full list of the supported command-line options simply call the
openca-ocspd program with '-' as an argument:

	$ openca-ocspd -



2. INSTALL
==========

To install the package follow the provided INSTALL script and edit the config
file to fillfull your needs. Remember that you'll need the 0.9.7 version of
the OpenSSL package - current source code (0.9.7d).


3. Provided files
=================

In the $prefix/etc/ocspd directory you'll find some example files for simple
configuration of the responder. All options are, I guess, self-explicative
and very easy to understand.



4. OCSP Responder certificate
=============================

The OCSP Responder must have its own certificate/key pair to be able to build
and sign the responses. To aceive this you can simply generate a PKCS#10 req
and upload it to your CA by using the appropriate command. Remember that the
certificate MUST contain the "OCSPSigning" extension in the extendedKeyUsage
extension: if requested you'll need to define a new extension file on the ca
(conf/openssl/extfiles) for the OCSP certificate profile.


5. Known Bugs
=============

Actually it has not been fully tested on many systems so, if there is any
problem, please contact us on the mailing list and ask for support there.

Currently the responded has been tested with Mozilla and it has been reported
to work correctly.

Some performance problems have been noticed on Solaris but no informations
on where the bottleneck is are currently available.


4. Contacts
===========

If you have further questions, please, contact the OpenCA team. More infos on
OpenCA LABS and OpenCA Team can be found at http://www.openca.org

This product includes software developed by the OpenSSL Project
for use in the OpenSSL Toolkit (http://www.openssl.org/)


Enjoy the Open Source Community!

Massimiliano Pala <madwolf@openca.org>

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional