[gnutls-devel] OCSP RFC6961 for web servers

Nikos Mavrogiannopoulos nmav at gnutls.org
Fri Feb 6 19:59:41 CET 2015


On Fri, 2015-02-06 at 15:16 +0100, Tim Ruehsen wrote:

> > That could be an option. In that case it will be challenging to make the
> > merged file correspond to the certificate chain (e.g., response 0
> > correspond to cert 0 ...). A simpler approach may be to do something
> > like:
> > $ ocsptool --ask-multi mychain.pem --outfile multi.ocsp
> I admit, I have no idea how to create a cert chain PEM file. I have not much 
> knowledge of web server administration.

A certificate chain is in its simplest form a certificate and its CA
combined. For this particular purpose merely executing gnutls-cli
--print-cert on any server would give you a chain.

> And I have not enough knowledge of
> the GnuTLS API (and/or data structure) to play around with 'cert chain' files.

They are nothing more than a list of certificates. Nothing special about
it. You could use helper functions like gnutls_x509_crt_list_import2 to
help import them, but that's all.

regards,
Nikos
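
The "list of certificates" layout described above, as an added example that is not part of the original message or of GnuTLS: a small C routine that walks a chain PEM file in order, so that certificate i can be lined up with OCSP response i. The names split_chain and pem_block and the sample chain are constructed for illustration; the routine only locates the PEM blocks, and decoding them is what gnutls_x509_crt_list_import2 is for.

```c
#include <stdio.h>
#include <string.h>

#define PEM_BEGIN "-----BEGIN CERTIFICATE-----"
#define PEM_END   "-----END CERTIFICATE-----"

/* One certificate block inside the chain buffer (points into it, no copy). */
struct pem_block { const char *start; size_t len; };

/* Constructed sample: base64 bodies are placeholders, not real certificates. */
static const char SAMPLE_CHAIN[] =
    "-----BEGIN CERTIFICATE-----\nc2VydmVyLWNlcnQ=\n-----END CERTIFICATE-----\n"
    "-----BEGIN CERTIFICATE-----\naXNzdWVyLWNh\n-----END CERTIFICATE-----\n";

/* Locate up to max certificate blocks in file order: index 0 is the server
 * certificate, later indexes are its issuers. Returns the number of blocks
 * found, or -1 if a BEGIN line has no END before the next BEGIN or EOF. */
int split_chain(const char *pem, struct pem_block *out, int max)
{
    int n = 0;
    const char *p = pem;

    while (n < max && (p = strstr(p, PEM_BEGIN)) != NULL) {
        const char *body = p + strlen(PEM_BEGIN);
        const char *end = strstr(body, PEM_END);
        const char *next = strstr(body, PEM_BEGIN);

        if (end == NULL || (next != NULL && next < end))
            return -1;              /* truncated or interleaved block */
        end += strlen(PEM_END);
        out[n].start = p;
        out[n].len = (size_t)(end - p);
        n++;
        p = end;
    }
    return n;
}

int main(void)
{
    struct pem_block blocks[8];
    int n = split_chain(SAMPLE_CHAIN, blocks, 8);

    if (n < 0) {
        fprintf(stderr, "malformed chain file\n");
        return 1;
    }
    for (int i = 0; i < n; i++)
        printf("cert %d: %zu bytes of PEM\n", i, blocks[i].len);
    return 0;
}
```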




