[gnutls-devel] OCSP RFC6961 for web servers

Nikos Mavrogiannopoulos nmav at gnutls.org
Fri Feb 6 19:59:41 CET 2015

On Fri, 2015-02-06 at 15:16 +0100, Tim Ruehsen wrote:

> > That could be an option. In that case it will be challenging to make the
> > merged file correspond to the certificate chain (e.g., response 0
> > correspond to cert 0 ...). A simpler approach may be to do something
> > like:
> > $ ocsptool --ask-multi mychain.pem --outfile multi.ocsp
> I admit, I have no idea how to create a cert chain PEM file. I have not much 
> knowledge of web server administration.

A certificate chain is on its simplest form a certificate and its CA
combined. For this particular purpose merely executing gnutls-cli
--print-cert on any server would give you a chain.

>  And I have not enough  knowledge of 
> the GnuTLS API (and/or data structure) to play around with 'cert chain' files.

They are nothing more than a list of certificates. Nothing special about
it. You could use helper functions like gnutls_x509_crt_list_import2 to
help importing them, but that's all.


More information about the Gnutls-devel mailing list