Go to main content

man pages section 3: Library Interfaces and Headers

Exit Print View

Updated: Thursday, June 13, 2019
 
 

ocspd (3)

Name

ocspd - OCSP Daemon

Synopsis

ocspd [-d] [-p n] [-b address] [-c file] [-md digest] [-k passwd] [-i
passin] [-e engine] [-r chroot_dir] [-v]

Description

ocspd.3(3)                 OpenCA Contributed Manual                ocspd.3(3)



NAME
               ocspd - OCSP Daemon

SYNOPSIS
       ocspd [-d] [-p n] [-b address] [-c file] [-md digest] [-k passwd] [-i
       passin] [-e engine] [-r chroot_dir] [-v]

DESCRIPTION
       The ocspd is an RFC2560 compliant Online Certificate Status Protocol
       (OCSP) responder. The responder is capable of answering complex OCSP
       requests and it can be used to verify the status of a certificate from
       OCSP clients. An example of a configuration file and a way to start and
       make requests to the responder can be found in the /etc/ocspd
       directory.

OPTIONS
       -d  detach the main process from the calling process.

       -p n
           specifies the port to bind to. Default is 2560.

       -b address
           specifies the IP address to bind to. Default behaviour is to listen
           to every IP available (equal to '*' value).

       -c file
           specifies the configuration file to be loaded. Default file loaded
           is /etc/ocspd/ocspd.xml.

       -md digest
           specifies the digest to be used when generating responses. Default
           is sha1.

       -k passwd
           specifies the password to be used when loading the private key.

       -i passin
           the key password source. For more information about the format of
           arg see the PASS PHRASE ARGUMENTS section in openssl(1).

       -engine id
           specifying an engine (by it's unique id string) will cause the
           responder to attempt to obtain a functional reference to the
           specified engine, thus initialising it if needed. The engine will
           then be set as the default for all available algorithms.

       -r chroot_dir
           Chroot the application into the specified directory.

       -v  this prints extra details about the operations being performed.


ATTRIBUTES
       See attributes(7) for descriptions of the following attributes:


       +---------------+------------------------------------+
       |ATTRIBUTE TYPE |          ATTRIBUTE VALUE           |
       +---------------+------------------------------------+
       |Availability   | library/security/ocsp/openca-ocspd |
       +---------------+------------------------------------+
       |Stability      | Pass-through volatile              |
       +---------------+------------------------------------+
NOTES
           Actually not extensive testing has been carried out, anyway this
           daemon is reported to work with Mozilla/Netscape.

           To reload the certificate's db simply send a SIGHUP to the main
           process ( kill -s SIGHUP pid ).

EXAMPLE
               ocspd -c /etc/ocspd/ocspd.xml

AUTHOR
           Massimiliano Pala <madwolf@openca.org>

SEE ALSO
           openca(3),openssl(1), ocsp(1)


       This software was built from source available at
       https://github.com/oracle/solaris-userland.  The original community
       source was downloaded from  https://github.com/openca/openca-
       ocspd/archive/.tar.gz

       Further information about this software can be found on the open source
       community website at https://www.openca.org/projects/ocspd/.



openca-ocspd 3.1.2                2018-08-10                        ocspd.3(3)