ocspd.3(3) OpenCA Contributed Manual ocspd.3(3)
NAME
ocspd - OCSP Daemon
SYNOPSIS
ocspd [-d] [-p n] [-b address] [-c file] [-md digest] [-k passwd] [-i
passin] [-e engine] [-r chroot_dir] [-v]
DESCRIPTION
The ocspd is an RFC2560 compliant Online Certificate Status Protocol
(OCSP) responder. The responder is capable of answering complex OCSP
requests and it can be used to verify the status of a certificate from
OCSP clients. An example of a configuration file and a way to start and
make requests to the responder can be found in the /etc/ocspd
directory.
OPTIONS
-d detach the main process from the calling process.
-p n
specifies the port to bind to. Default is 2560.
-b address
specifies the IP address to bind to. Default behaviour is to listen
to every IP available (equal to '*' value).
-c file
specifies the configuration file to be loaded. Default file loaded
is /etc/ocspd/ocspd.xml.
-md digest
specifies the digest to be used when generating responses. Default
is sha1.
-k passwd
specifies the password to be used when loading the private key.
-i passin
the key password source. For more information about the format of
arg see the PASS PHRASE ARGUMENTS section in openssl(1).
-engine id
specifying an engine (by its unique id string) will cause the
responder to attempt to obtain a functional reference to the
specified engine, thus initialising it if needed. The engine will
then be set as the default for all available algorithms.
-r chroot_dir
Chroot the application into the specified directory.
-v this prints extra details about the operations being performed.
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
+---------------+------------------------------------+
|ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+---------------+------------------------------------+
|Availability | library/security/ocsp/openca-ocspd |
+---------------+------------------------------------+
|Stability | Pass-through volatile |
+---------------+------------------------------------+
NOTES
No extensive testing has been carried out so far; however, this
daemon is reported to work with Mozilla/Netscape.
To reload the certificate's db simply send a SIGHUP to the main
process ( kill -s SIGHUP pid ).
Source code for open source software components in Oracle Solaris can
be found at
https://www.oracle.com/downloads/opensource/solaris-source-code-downloads.html.
This software was built from source available at
https://github.com/oracle/solaris-userland. The original community
source was downloaded from https://github.com/openca/openca-ocspd.
Further information about this software can be found on the open source
community website at https://www.openca.org/projects/ocspd/.
EXAMPLE
ocspd -c /etc/ocspd/ocspd.xml
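A launch wrapper, added here as an example and not part of the OpenCA distribution: it passes the key passphrase with -i instead of -k, since command-line arguments can be read from the process list, and refuses a passphrase file that group or other users can access. The file: source form follows openssl(1); the sha256 digest name, the bind address and the passphrase file location are assumptions.

```shell
#!/bin/sh
# Added example (not from the ocspd distribution). Only options listed in
# OPTIONS above are used; paths, address and digest name are assumptions.

# check_passfile FILE
# Succeeds only if FILE is a regular, non-empty file whose group and other
# permission bits are all clear (for example mode 600 or 400).
check_passfile() {
    if [ ! -f "$1" ] || [ ! -s "$1" ]; then
        echo "passphrase file missing or empty: $1" >&2
        return 1
    fi
    # Columns 5-10 of "ls -ld" hold the group and other permission bits.
    perms=$(ls -ld -- "$1" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "passphrase file $1 is accessible to group/other" >&2
        return 1
    fi
    return 0
}

# start_ocspd CONF PASSFILE ADDRESS PORT
# Builds the command line with -i file:PASSFILE (never -k), an explicit
# bind address and port, and a digest other than the sha1 default.
# Prints the command unless OCSPD_DRY_RUN=0, in which case it is executed.
start_ocspd() {
    check_passfile "$2" || return 1
    set -- ocspd -d -c "$1" -b "$3" -p "$4" \
        -md "${OCSPD_DIGEST:-sha256}" -i "file:$2"
    if [ "${OCSPD_DRY_RUN:-1}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# When called with four arguments, act on them; otherwise only define
# the functions above.
if [ $# -eq 4 ]; then
    start_ocspd "$@"
fi
```

With the default dry run the wrapper only prints the command; set OCSPD_DRY_RUN=0 to start the daemon.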
AUTHOR
Massimiliano Pala <madwolf@openca.org>
SEE ALSO
openca(3), openssl(1), ocsp(1)
openca-ocspd 3.1.2 2022-06-28 ocspd.3(3)