DyOCSP - Flexible DB OCSP Responder

Introduction

DyOCSP is an OCSP responder for private CAs that implements RFC 6960 and RFC 5019. The objective is to provide a responder with flexible database backend choices.

Download

  • Get the latest binary from releases.
  • Or get the sources:
git clone https://github.com/yuxki/dyocsp

Please try the Demo after downloading.

Supported Environments

Database

Protocol

  • HTTP (POST Method Only)

Signing Key Format

  • PKCS#8

Full Documentation

Documentation is available here: manual

Demo

Start OCSP Responder Server

Build and run dyocsp with a demo configuration file, certificate, and key.

$ cd ./demo
$ go build ../cmd/dyocsp
$ ./dyocsp -c delegate-dyocsp.yml

Test OCSP Request

Open another terminal.

# Request "successful good" certificate
$ cd demo
$ openssl ocsp \
    -CAfile ca/root-ca.crt \
    -issuer ca/sub-ca.crt \
    -cert ca/good.crt \
    -no_nonce \
    -url http://localhost:9080
# Request "successful revoked" certificate
$ cd ./demo
$ openssl ocsp \
    -CAfile ca/root-ca.crt \
    -issuer ca/sub-ca.crt \
    -cert ca/revoked.crt \
    -no_nonce \
    -url http://localhost:9080
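
To use the two demo requests above in a script, the added shell function below reads captured `openssl ocsp` output and fails closed: anything other than a verified response stating `good` is treated as not good. It is an example written for this page, not part of the dyocsp project; `ocsp_verdict` and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not dyocsp code): classify captured `openssl ocsp` output.
# Usage against the running demo responder:
#   openssl ocsp -CAfile ca/root-ca.crt -issuer ca/sub-ca.crt \
#       -cert ca/good.crt -no_nonce -url http://localhost:9080 2>&1 \
#     | ocsp_verdict ca/good.crt
# Prints a verdict and returns: 0 good, 1 revoked, 2 unknown, 3 unverified.
ocsp_verdict() {
    cert=$1
    out=$(cat)   # combined stdout+stderr of openssl ocsp
    # The response signature and chain must have verified; otherwise the
    # status text cannot be trusted, so stop here.
    if ! printf '%s\n' "$out" | grep -qx 'Response verify OK'; then
        echo unverified
        return 3
    fi
    # The status line has the form "<path given to -cert>: <status>".
    # index() is a literal prefix match, so dots in the path are not a regex.
    status=$(printf '%s\n' "$out" |
        awk -v p="$cert: " 'index($0, p) == 1 { print substr($0, length(p) + 1); exit }')
    case $status in
        good)    echo good;    return 0 ;;
        revoked) echo revoked; return 1 ;;
        *)       echo unknown; return 2 ;;   # "unknown", or no line for this cert
    esac
}

# Constructed sample outputs (dates are made up) so the function can be
# exercised without a running responder.
SAMPLE_GOOD='Response verify OK
ca/good.crt: good
    This Update: Jan  1 00:00:00 2024 GMT'

SAMPLE_REVOKED='Response verify OK
ca/revoked.crt: revoked
    This Update: Jan  1 00:00:00 2024 GMT
    Revocation Time: Dec  1 00:00:00 2023 GMT'

SAMPLE_UNVERIFIED='Response Verify Failure
ca/good.crt: good
    This Update: Jan  1 00:00:00 2024 GMT'
```

Because the demo requests pass `-no_nonce`, the response is not bound to a specific request, so the `This Update` and `Next Update` times are what indicate freshness.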