Check OCSP With OpenSSL CLI Tool
How to query an OCSP responder to check the validity of a certificate?
Get the cert chain:
$ H=github.com
$ echo Q | \
openssl s_client -showcerts -servername $H -host $H -port 443 | \
awk 'BEGIN{n=0}; /-BEGIN/,/-END/{ print >> n ".pem" }; /-END/{n++}'
-
Displays the server certificate list as sent by the server: it only consists of certificates the server has sent (in the order the server has sent them). It is not a verified chain.
-
I use
awk(1)
to filter the PEM certificates from the other output. It sets a counter to0
. It then appends every line between-----BEGIN CERTIFICATE-----
and-----END CERTIFICATE-----
to a file. It increments the number after every-----END CERTIFICATE-----
. -
This will create as many files as the certificate chain is long. The file
0.pem
contains the “certificate at depth 0”: the leaf certificate. The file1.pem
contains the “certificate at depth 1”: the issuer of the leaf certificate. Caveat: this may not be true, as the order depends on the server. Check the subject and issuer of each certificate and rename the files accordingly:$ for f in *.pem; do echo "$f" openssl x509 -in "$f" -noout -subject -issuer echo done
-
When
openssl s_client
receivesQ
, it tears down the TLS connection to the remote server.
Get the OCSP responder URI from the leaf cert:
$ openssl x509 -in 0.pem -noout -ocsp_uri
http://ocsp.sectigo.com
Let’s store it in a variable for easier access:
$ ocsp_uri=$(openssl x509 -in 0.pem -noout -ocsp_uri)
We now have everything we need:
$ openssl ocsp -issuer 1.pem -cert 0.pem -url $ocsp_uri -text
OCSP Request Data:
Version: 1 (0x0)
Requestor List:
Certificate ID:
Hash Algorithm: sha1
Issuer Name Hash: CF94DC5C304AA79485721F956E67895AC21657DD
Issuer Key Hash: F6850A3B1186E1047D0EAA0B2CD2EECC647B7BAE
Serial Number: AB6686B5627BE80596821330128649F5
Request Extensions:
OCSP Nonce:
041038CA4568E928AE97DD06259DBF6CBE0A
OCSP Response Data:
OCSP Response Status: successful (0x0)
Response Type: Basic OCSP Response
Version: 1 (0x0)
Responder Id: F6850A3B1186E1047D0EAA0B2CD2EECC647B7BAE
Produced At: Feb 7 06:04:44 2025 GMT
Responses:
Certificate ID:
Hash Algorithm: sha1
Issuer Name Hash: CF94DC5C304AA79485721F956E67895AC21657DD
Issuer Key Hash: F6850A3B1186E1047D0EAA0B2CD2EECC647B7BAE
Serial Number: AB6686B5627BE80596821330128649F5
Cert Status: good
This Update: Feb 7 06:04:44 2025 GMT
Next Update: Feb 14 06:04:43 2025 GMT
Signature Algorithm: ecdsa-with-SHA256
Signature Value:
30:44:02:20:08:b0:f7:00:53:f9:d4:6c:7f:a0:91:ac:0a:91:
af:a1:34:e2:c5:2c:dc:14:a0:1c:de:e9:be:22:6f:25:d8:2f:
02:20:0d:09:7e:57:43:59:ce:c4:65:f1:4b:f9:3d:f4:46:82:
78:01:4c:53:ca:2f:45:b3:35:0c:83:54:53:f0:68:ed
WARNING: no nonce in response
Response verify OK
0.pem: good
This Update: Feb 7 06:04:44 2025 GMT
Next Update: Feb 14 06:04:43 2025 GMT
-
In the request and response, the “Hash Algorithm” indicates SHA-1 was used to generate hashes.
-
The serial number is the serial number of the leaf cert:
$ openssl x509 -in 0.pem -noout -serial serial=AB6686B5627BE80596821330128649F5
-
The “Issuer Name Hash” and “Issuer Key Hash”:
issuerNameHash
is the hash of the issuer’s distinguished name (DN). The hash shall be calculated over the DER encoding of the issuer’s name field in the certificate being checked.issuerKeyHash
is the hash of the issuer’s public key. The hash shall be calculated over the value (excluding tag and length) of the subject public key field in the issuer’s certificate.This is hard to do by hand, so we use
openssl(1)
once more:$ openssl x509 -in 1.pem -noout -ocspid Subject OCSP hash: CF94DC5C304AA79485721F956E67895AC21657DD Public key OCSP hash: F6850A3B1186E1047D0EAA0B2CD2EECC647B7BAE
Note that these values correspond to what is in our OCSP request and response.
(I did not get output from LibreSSL 4.0.0 with
-ocspid
, even though the option is mentioned in its manpage.) -
“WARNING: no nonce in response” means that the server did not include our nonce in their response. Nonces are used to prevent replay attacks. They increase the load on the OCSP responder, however. That is why responders may choose to ignore the nonce and return a canned response.
See Also
- RFC 6960
openssl(1)
version 3.4.0libressl-openssl(1)
version 4.0.0