ca [2025/04/12 11:04] jango [1-Tier with OSCP] |
ca [2025/06/01 01:36] (aktuell) jango [Test OCSP] |
||
---|---|---|---|
Zeile 3: | Zeile 3: | ||
=====1-Tier with CRL===== | =====1-Tier with CRL===== | ||
- | Einfache 1-Tier Root CA mit CRL | + | Einfache 1-Tier Root CA mit [[CRL]] |
====Initialize Root CA==== | ====Initialize Root CA==== | ||
<code bash> | <code bash> | ||
Zeile 220: | Zeile 220: | ||
</ | </ | ||
- | =====1-Tier with OSCP===== | + | =====1-Tier with OCSP===== |
- | Einfache 1-Tier Root CA mit OSCP Responder | + | Einfache 1-Tier Root CA mit [[OCSP]] |
====Initialize Root CA==== | ====Initialize Root CA==== | ||
<code bash> | <code bash> | ||
Zeile 280: | Zeile 280: | ||
[ dn ] | [ dn ] | ||
- | C = DE | + | C = AT |
- | ST = Bayern | + | ST = Vienna |
- | L = München | + | L = Vienna |
- | O = MeineFirma | + | O = Brainworx |
- | CN = Meine Root CA | + | CN = Root CA |
[ v3_ca ] | [ v3_ca ] | ||
Zeile 348: | Zeile 348: | ||
openssl req -new -key " | openssl req -new -key " | ||
-out " | -out " | ||
- | -subj "/C=DE/ST=Bayern/O=MeineFirma/ | + | -subj "/C=AT/ST=Vienna/O=Brainworx/ |
# Zertifikat signieren | # Zertifikat signieren | ||
Zeile 403: | Zeile 403: | ||
</ | </ | ||
- | ====Initialize | + | ====Initialize |
<code bash> | <code bash> | ||
#!/bin/bash | #!/bin/bash | ||
Zeile 420: | Zeile 420: | ||
openssl req -new -key " | openssl req -new -key " | ||
-out " | -out " | ||
- | -subj "/C=DE/ST=Bayern/O=MeineFirma/CN=OCSP Responder" | + | -subj "/C=AT/ST=Vienna/O=Brainworx/CN=OCSP Responder" |
# Zertifikat signieren | # Zertifikat signieren | ||
Zeile 432: | Zeile 432: | ||
</ | </ | ||
- | ====Start | + | ====Start |
<code bash> | <code bash> | ||
#!/bin/bash | #!/bin/bash | ||
Zeile 453: | Zeile 453: | ||
- | ====Test | + | ====Test |
<code bash> | <code bash> | ||
#!/bin/bash | #!/bin/bash | ||
Zeile 459: | Zeile 459: | ||
set -e | set -e | ||
- | URI=http:// | ||
CA_DIR=" | CA_DIR=" | ||
- | |||
SERVER=$1 | SERVER=$1 | ||
SERVER_CERT=" | SERVER_CERT=" | ||
+ | |||
+ | URI=$(openssl x509 -in " | ||
openssl ocsp \ | openssl ocsp \ | ||
Zeile 470: | Zeile 470: | ||
-url $URI \ | -url $URI \ | ||
-resp_text -noverify | -resp_text -noverify | ||
+ | </ | ||
+ | |||
+ | ====OCSP Service==== | ||
+ | |||
+ | Script als Service erstellen | ||
+ | < | ||
+ | sudo nano / | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | [Unit] | ||
+ | Description=OpenSSL OCSP Responder | ||
+ | |||
+ | [Service] | ||
+ | Type=simple | ||
+ | ExecStart=/ | ||
+ | |||
+ | [Install] | ||
+ | WantedBy=multi-user.target | ||
</ | </ |
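Review bot: The systemd unit added under "OCSP Service" has no `User=` line in its `[Service]` section, so whatever `ExecStart=` launches runs as root; presumably that is the responder start script, which would then listen on the network and read the OCSP signing key with full privileges. Run it under a dedicated unprivileged account that can read only the responder key, certificate and CA index, e.g. `User=<ocsp-service-account>` (placeholder name), `NoNewPrivileges=yes` and `Restart=on-failure`, the last so that revocation checking comes back after a crash. In the "Test OCSP" hunk the responder URL is now taken from the certificate but is still passed unquoted as `-url $URI`, so a certificate without an OCSP URI leaves `-url` consuming `-resp_text` as its argument; `[ -n "$URI" ] || exit 1` followed by `-url "$URI"` would fail cleanly instead. The `ExecStart=` path and the `URI=$(openssl x509 …)` command are truncated on this page, so what the service actually starts and which x509 option is used are inferred.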