openssl ocsp -help
Online Certificate Status Protocol utility.
$ openssl ocsp -help
Usage: ocsp [options]
Valid options are:
 -help                   Display this summary
 -out outfile            Output filename
 -timeout +int           Connection timeout (in seconds) to the OCSP responder
 -url val                Responder URL
 -host val               TCP/IP hostname:port to connect to
 -port +int              Port to run responder on
 -ignore_err             Ignore error on OCSP request or response and continue running
 -noverify               Don't verify response at all
 -nonce                  Add OCSP nonce to request
 -no_nonce               Don't add OCSP nonce to request
 -resp_no_certs          Don't include any certificates in response
 -resp_key_id            Identify response by signing certificate key ID
 -multi +int             run multiple responder processes
 -no_certs               Don't include any certificates in signed request
 -no_signature_verify    Don't check signature on response
 -no_cert_verify         Don't check signing certificate
 -no_chain               Don't chain verify response
 -no_cert_checks         Don't do additional checks on signing certificate
 -no_explicit            Do not explicitly check the chain, just verify the root
 -trust_other            Don't verify additional certificates
 -no_intern              Don't search certificates contained in response for signer
 -badsig                 Corrupt last byte of loaded OSCP response signature (for test)
 -text                   Print text form of request and response
 -req_text               Print text form of request
 -resp_text              Print text form of response
 -reqin val              File with the DER-encoded request
 -respin val             File with the DER-encoded response
 -signer infile          Certificate to sign OCSP request with
 -VAfile infile          Validator certificates file
 -sign_other infile      Additional certificates to include in signed request
 -verify_other infile    Additional certificates to search for signer
 -CAfile infile          Trusted certificates file
 -CApath infile          Trusted certificates directory
 -no-CAfile              Do not load the default certificates file
 -no-CApath              Do not load certificates from the default certificates directory
 -validity_period ulong  Maximum validity discrepancy in seconds
 -status_age +int        Maximum status age in seconds
 -signkey val            Private key to sign OCSP request with
 -reqout val             Output file for the DER-encoded request
 -respout val            Output file for the DER-encoded response
 -path val               Path to use in OCSP request
 -issuer infile          Issuer certificate
 -cert infile            Certificate to check
 -serial val             Serial number to check
 -index infile           Certificate status index file
 -CA infile              CA certificate
 -nmin +int              Number of minutes before next update
 -nrequest +int          Number of requests to accept (default unlimited)
 -ndays +int             Number of days before next update
 -rsigner infile         Responder certificate to sign responses with
 -rkey infile            Responder key to sign responses with
 -rother infile          Other certificates to include in response
 -rmd val                Digest Algorithm to use in signature of OCSP response
 -rsigopt val            OCSP response signature parameter in n:v form
 -header val             key=value header to add
 -*                      Any supported digest algorithm (sha1,sha256, ... )
 -policy val             adds policy to the acceptable policy set
 -purpose val            certificate chain purpose
 -verify_name val        verification policy name
 -verify_depth int       chain depth limit
 -auth_level int         chain authentication security level
 -attime intmax          verification epoch time
 -verify_hostname val    expected peer hostname
 -verify_email val       expected peer email
 -verify_ip val          expected peer IP address
 -ignore_critical        permit unhandled critical extensions
 -issuer_checks          (deprecated)
 -crl_check              check leaf certificate revocation
 -crl_check_all          check full chain revocation
 -policy_check           perform rfc5280 policy checks
 -explicit_policy        set policy variable require-explicit-policy
 -inhibit_any            set policy variable inhibit-any-policy
 -inhibit_map            set policy variable inhibit-policy-mapping
 -x509_strict            disable certificate compatibility work-arounds
 -extended_crl           enable extended CRL features
 -use_deltas             use delta CRLs
 -policy_print           print policy processing diagnostics
 -check_ss_sig           check root CA self-signatures
 -trusted_first          search trust store first (default)
 -suiteB_128_only        Suite B 128-bit-only mode
 -suiteB_128             Suite B 128-bit mode allowing 192-bit algorithms
 -suiteB_192             Suite B 192-bit-only mode
 -partial_chain          accept chains anchored by intermediate trust-store CAs
 -no_alt_chains          (deprecated)
 -no_check_time          ignore certificate validity time
 -allow_proxy_certs      allow the use of proxy certificates
© Lightnetics 2024