Relentless Coding

A Developer’s Blog

Check OCSP With OpenSSL CLI Tool

How to query an OCSP responder to check the validity of a certificate?

Get the cert chain:

$ H=github.com
$ echo Q | \
    openssl s_client -showcerts -servername $H -host $H -port 443 | \
    awk 'BEGIN{n=0}; /-BEGIN/,/-END/{ print >> n ".pem" }; /-END/{n++}'

  • -showcerts:

    Displays the server certificate list as sent by the server: it only consists of certificates the server has sent (in the order the server has sent them). It is not a verified chain.

  • I use awk(1) to filter the PEM certificates from the other output. It sets a counter to 0. It then appends every line between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- to a file. It increments the number after every -----END CERTIFICATE-----.

  • This will create as many files as the certificate chain is long. The file 0.pem contains the “certificate at depth 0”: the leaf certificate. The file 1.pem contains the “certificate at depth 1”: the issuer of the leaf certificate. Caveat: this may not be true, as the order depends on the server. Check the subject and issuer of each certificate and rename the files accordingly:

    $ for f in *.pem; do 
      echo "$f"
      openssl x509 -in "$f" -noout -subject -issuer
      echo
  done

  • When openssl s_client receives Q, it tears down the TLS connection to the remote server.

Get the OCSP responder URI from the leaf cert:

$ openssl x509 -in 0.pem -noout -ocsp_uri
http://ocsp.sectigo.com

Let’s store it in a variable for easier access:

$ ocsp_uri=$(openssl x509 -in 0.pem -noout -ocsp_uri)

We now have everything we need:

$ openssl ocsp -issuer 1.pem -cert 0.pem -url $ocsp_uri -text
OCSP Request Data:
    Version: 1 (0x0)
    Requestor List:
        Certificate ID:
          Hash Algorithm: sha1
          Issuer Name Hash: CF94DC5C304AA79485721F956E67895AC21657DD
          Issuer Key Hash: F6850A3B1186E1047D0EAA0B2CD2EECC647B7BAE
          Serial Number: AB6686B5627BE80596821330128649F5
    Request Extensions:
        OCSP Nonce:
            041038CA4568E928AE97DD06259DBF6CBE0A
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Version: 1 (0x0)
    Responder Id: F6850A3B1186E1047D0EAA0B2CD2EECC647B7BAE
    Produced At: Feb  7 06:04:44 2025 GMT
    Responses:
    Certificate ID:
      Hash Algorithm: sha1
      Issuer Name Hash: CF94DC5C304AA79485721F956E67895AC21657DD
      Issuer Key Hash: F6850A3B1186E1047D0EAA0B2CD2EECC647B7BAE
      Serial Number: AB6686B5627BE80596821330128649F5
    Cert Status: good
    This Update: Feb  7 06:04:44 2025 GMT
    Next Update: Feb 14 06:04:43 2025 GMT

    Signature Algorithm: ecdsa-with-SHA256
    Signature Value:
        30:44:02:20:08:b0:f7:00:53:f9:d4:6c:7f:a0:91:ac:0a:91:
        af:a1:34:e2:c5:2c:dc:14:a0:1c:de:e9:be:22:6f:25:d8:2f:
        02:20:0d:09:7e:57:43:59:ce:c4:65:f1:4b:f9:3d:f4:46:82:
        78:01:4c:53:ca:2f:45:b3:35:0c:83:54:53:f0:68:ed
WARNING: no nonce in response
Response verify OK
0.pem: good
        This Update: Feb  7 06:04:44 2025 GMT
        Next Update: Feb 14 06:04:43 2025 GMT

  • In the request and response, the “Hash Algorithm” indicates SHA-1 was used to generate hashes.

  • The serial number is the serial number of the leaf cert:

    $ openssl x509 -in 0.pem -noout -serial
serial=AB6686B5627BE80596821330128649F5

  • The “Issuer Name Hash” and “Issuer Key Hash”:

    issuerNameHash is the hash of the issuer’s distinguished name (DN). The hash shall be calculated over the DER encoding of the issuer’s name field in the certificate being checked.

    issuerKeyHash is the hash of the issuer’s public key. The hash shall be calculated over the value (excluding tag and length) of the subject public key field in the issuer’s certificate.

    RFC 6960

    This is hard to do by hand, so we use openssl(1) once more:

    $ openssl x509 -in 1.pem -noout -ocspid
Subject OCSP hash: CF94DC5C304AA79485721F956E67895AC21657DD
Public key OCSP hash: F6850A3B1186E1047D0EAA0B2CD2EECC647B7BAE

    Note that these values correspond to what is in our OCSP request and response.

    (I did not get output from LibreSSL 4.0.0 with -ocspid, even though the option is mentioned in its manpage.)

  • “WARNING: no nonce in response” means that the server did not include our nonce in their response. Nonces are used to prevent replay attacks. They increase the load on the OCSP responder, however. That is why responders may choose to ignore the nonce and return a canned response.

See Also