OpenSSL: how to set up an OCSP server for checking third-party certificates?

I am testing the Certificate Revocation functionality of a CMTS device. This requires me to set up an OCSP responder. Since it will only be used for testing, I assume that the minimal implementation provided by OpenSSL should suffice.

I have extracted a certificate from a cable modem, copied it to my PC and converted it to the PEM format. Now I want to register it in the OpenSSL OCSP database and start a server.

I have completed all these steps, but when I do a client request my server invariably responds with “unknown”. It seems to be completely unaware of my certificate’s existence.

I would greatly appreciate it if anyone would be willing to have a look at my code. For your convenience, I have created a single script consisting of a sequential list of all the commands used, from setting up the CA to starting the server:
http://code.google.com/p/stacked-crooked/source/browse/trunk/Misc/OpenSSL/AllCommands.sh

You can also find the custom config file and the certificate that I am testing with:
http://code.google.com/p/stacked-crooked/source/browse/trunk/Misc/OpenSSL/

Any help would be greatly appreciated.
