OPENSSL-OCSP(1ssl) OpenSSL OPENSSL-OCSP(1ssl) openssl-ocsp - (OCSP) OCSP openssl ocsp [-help] [-out ] [-issuer ] [-cert ] [-no_certs] [-serial n] [-signer ] [-signkey ] [-sign_other ] [-nonce] [-no_nonce] [-req_text] [-resp_text] [-text] [-reqout _] [-respout _] [-reqin _] [-respin _] [-url ] [-host :] [-path ] [-proxy [http[s]://][_@][:][/][?][#]] [-no_proxy ] [-header] [-timeout ] [-VAfile ] [-validity_period n] [-status_age n] [-noverify] [-verify_other ] [-trust_other] [-no_intern] [-no_signature_verify] [-no_cert_verify] [-no_chain] [-no_cert_checks] [-no_explicit] [-port ] [-ignore_err] OCSP openssl ocsp [-index ] [-CA ] [-rsigner ] [-rkey ] [-passin ] [-rother ] [-rsigopt nm:v] [-rmd ] [-badsig] [-resp_no_certs] [-nmin n] [-ndays n] [-resp_key_id] [-nrequest n] [-multi _] [-rcid ] [-] [-CAfile ] [-no-CAfile] [-CApath ] [-no-CApath] [-CAstore uri] [-no-CAstore] [-allow_proxy_certs] [-attime _] [-no_check_time] [-check_ss_sig] [-crl_check] [-crl_check_all] [-explicit_policy] [-extended_crl] [-ignore_critical] [-inhibit_any] [-inhibit_map] [-partial_chain] [-policy ] [-policy_check] [-policy_print] [-purpose ] [-suiteB_128] [-suiteB_128_only] [-suiteB_192] [-trusted_first] [-no_alt_chains] [-use_deltas] [-auth_level ] [-verify_depth ] [-verify_email ] [-verify_hostname _] [-verify_ip ip] [-verify_name ] [-x509_strict] [-issuer_checks] [-provider ] [-provider-path ] [-provparam [:]=] [-propquery propq] (OCSP) () (RFC 2560). OCSP . OCSP OCSP . . . OCSP -help . -out _ . -issuer _ . PEM DER PKCS#12. . -cert. -cert _ _ . PEM DER PKCS#12. . -issuer . -no_certs . -serial -cert . "0x". "-". -signer _ -signkey _ OCSP -signer -signkey. PEM DER PKCS#12. -signkey . OCSP. -sign_other _ . PEM DER PKCS#12. -nonce -no_nonce OCSP nonce OCSP nonce. OCSP -reqin nonce: -nonce nonce. OCSP ( -cert -serial) nonce -no_nonce . -req_text -resp_text -text OCSP . -reqout -respout _ OCSP DER _. . / . . -reqin -respin _ OCSP . OCSP ( -serial -cert -host). -url _ URL. HTTP HTTPS (SSL/TLS). . . -host -path . -host : -path _ -host OCSP . IP (v4 v6) 127.0.0.1 "[::1]" . IPv6 "[" "]". -path HTTP "/" . -url http:// _ . -proxy [http[s]://][_@][:][/][?][#] HTTP(S) OCSP -no_proxy . IPv6 "[" "]". 80 443 "https" "http://" "https://" . "http_proxy" "HTTP_PROXY" TLS "https_proxy" "HTTPS_PROXY". -no_proxy IP / DNS (proxy) HTTP(S) / ( "..."). "no_proxy" "NO_PROXY". -header = OCSP . . -timeout OCSP . POSIX OCSP . . -verify_other URI OCSP. : . PEM DER PKCS#12. -trust_other -verify_other . (CA) . -VAfile URI . -verify_other -trust_other. PEM DER PKCS#12. -noverify OCSP nonce. . -no_intern OCSP . -verify_other -VAfile. -no_signature_verify OCSP. OCSP . -no_cert_verify OCSP . OCSP . -no_chain CA . -no_explicit (root CA) OCSP. -no_cert_checks OCSP. : . -validity_period nsec -status_age age OCSP. notBefore notAfter . . OCSP . -validity_period 5 . notAfter . notBefore age . . -rcid OCSP. openssl-dgst(1). . - OCSP. OpenSSL dgst. SHA-1. . -CAfile -no-CAfile -CApath -no-CApath -CAstore _ -no-CAstore "Trusted Certificate Options" openssl-verification-options(1) . -allow_proxy_certs -attime -no_check_time -check_ss_sig -crl_check -crl_check_all -explicit_policy -extended_crl -ignore_critical -inhibit_any -inhibit_map -no_alt_chains -partial_chain -policy -policy_check -policy_print -purpose -suiteB_128 -suiteB_128_only -suiteB_192 -trusted_first -use_deltas -auth_level -verify_depth -verify_email -verify_hostname -verify_ip -verify_name -x509_strict -issuer_checks . " " openssl-verification-options(1) . -provider -provider-path -provparam [:]= -propquery propq " " openssl(1) provider(7) property(7). OCSP -index _ indexfile ca . -index . ( -issuer -serial) ( -reqin) OCSP ( -port -url). -index -CA -rsigner. -CA CA -index. PEM DER PKCS#12. -rsigner OCSP. PEM DER PKCS#12. -rkey OCSP: -rsigner. -passin . arg openssl-passphrase-options(1). -rother OCSP. PEM DER PKCS#12. -rsigopt nm:v OCSP. . -rmd . -badsig . -resp_no_certs OCSP. -resp_key_id (key ID) . -port _ OCSP. IPv4 IPv6 . -url. 0 . -ignore_err : OCSP . OCSP . -nrequest OCSP . -multi _ OCSP . CA . -timeout OCSP . POSIX ( fork() ). -nmin -ndays : nextUpdate. nextUpdate . OCSP OCSP RFC2560. OCSP OCSP . OCSP . -CAfile -CApath -CAstore OpenSSL . OCSP . CA OCSP: OCSP. (CA) OCSP . OCSPSigning OCSP OCSP. -no_explicit (root CA) OCSP OCSP. OCSP. OCSP. OCSP ( ) . OCSP " " OCSP. : openssl x509 -in ocspCA.pem -addtrust OCSPSigning -out trustedCA.pem -VAfile. . -CApath -CAfile -CAstore ( 'global VA') -VAfile. OCSP : OCSP . HTTP POST OCSP. . . CGI -reqin -respout. OCSP : openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem -reqout req.der OCSP http://ocsp.myhost.com/ : openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem \ -url http://ocsp.myhost.com/ -resp_text -respout resp.der OCSP : openssl ocsp -respin resp.der -text -noverify OCSP 8888 ca . . openssl ocsp -index demoCA/index.txt -port 8888 -rsigner rcert.pem -CA demoCA/cacert.pem -text -out log.txt : openssl ocsp -index demoCA/index.txt -port 8888 -rsigner rcert.pem -CA demoCA/cacert.pem -nrequest 1 : openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA demoCA/cacert.pem -issuer demoCA/cacert.pem -serial 1 . openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA demoCA/cacert.pem -reqin req.der -respout resp.der -no_alt_chains OpenSSL 1.1.0. 2001-2023 OpenSSL. . Apache 2.0 ( ""). . LICENSE . 3 . . : . 3.6.2 7 2026 OPENSSL-OCSP(1ssl)