ocsptool(1) | User Commands | ocsptool(1) |
NAME
ocsptool - GnuTLS OCSP tool
SYNOPSIS
ocsptool [-flag [value]]... [--opt-name[[=| ]value]]...
All arguments must be options.
DESCRIPTION
Ocsptool is a program that can parse and print information about OCSP requests/responses, generate requests and verify responses.
OPTIONS
- -d number, --debug=number
- Enable debugging. This option takes an integer number as
its argument. The value of number is constrained to being:
in the range 0 through 9999
- -V, --verbose
- More verbose output. This option may appear an unlimited
number of times.
- --infile=file
- Input file.
- --outfile=string
- Output file.
- --ask[=server name|url]
- Ask an OCSP/HTTP server about a certificate's validity. This
option must appear in combination with the following options: load-cert,
load-issuer.
- -e, --verify-response
- Verify response.
- -i, --request-info
- Print information on an OCSP request.
- -j, --response-info
- Print information on an OCSP response.
- -q, --generate-request
- Generate an OCSP request.
- --nonce, --no-nonce
- Use (or do not use) a nonce in the OCSP request. The no-nonce
form will disable the option.
- --load-issuer=file
- Read issuer certificate from file.
- --load-cert=file
- Read certificate to check from file.
- --load-trust=file
- Read OCSP trust anchors from file. This option must not
appear in combination with any of the following options: load-signer.
- --load-signer=file
- Read OCSP response signer from file. This option must not
appear in combination with any of the following options: load-trust.
- --inder, --no-inder
- Use DER format for input certificates and private keys. The
no-inder form will disable the option.
- -Q file, --load-request=file
- Read DER encoded OCSP request from file.
- -S file, --load-response=file
- Read DER encoded OCSP response from file.
- -h, --help
- Display usage information and exit.
- -!, --more-help
- Pass the extended usage information through a pager.
- -v [{v|c|n}], --version[={v|c|n}]
- Output version of program and exit. The default mode is `v', a simple version. The `c' mode will print copyright information and `n' will print the full copyright notice.
EXAMPLES
Print information about an OCSP request
$ ocsptool -i -Q ocsp-request.der
$ cat ocsp-request.der | ocsptool --request-info
$ ocsptool -j -Q ocsp-response.der
$ cat ocsp-response.der | ocsptool --response-info
$ ocsptool -q --load-issuer issuer.pem --load-cert client.pem --outfile ocsp-request.der
$ ocsptool -e --load-trust issuer.pem --load-response ocsp-response.der
$ ocsptool -e --load-signer ocsp-signer.pem --load-response ocsp-response.der
$ echo | gnutls-cli -p 443 blog.josefsson.org --print-cert > chain.pem
Authority Information Access Information (not critical):
    Access Method: 1.3.6.1.5.5.7.48.1 (id-ad-ocsp)
    Access Location URI: http://ocsp.CAcert.org/
$ ocsptool --ask ocsp.CAcert.org --load-issuer issuer.pem --load-cert cert.pem --outfile ocsp-response.der
EXIT STATUS
One of the following exit values will be returned:
- 0 (EXIT_SUCCESS)
- Successful program execution.
- 1 (EXIT_FAILURE)
- The operation failed or the command syntax was not valid.
- 70 (EX_SOFTWARE)
- libopts had an internal operational error. Please report it to autogen-users@lists.sourceforge.net. Thank you.
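The fetch and verify commands from EXAMPLES, combined with the exit statuses listed above, wrapped in one shell function. This is an added example, not part of the man page or of GnuTLS; the function name ocsp_check and its argument order are hypothetical, and it assumes the installed ocsptool reports a failed verification through the documented exit status 1.

```shell
#!/bin/sh
# Added example, not GnuTLS code. ocsp_check and its arguments are hypothetical.
#
# ocsp_check CERT ISSUER RESPONDER [SIGNER]
#   CERT       certificate to check
#   ISSUER     issuer certificate, also used as the OCSP trust anchor
#   RESPONDER  OCSP server name or URL (the id-ad-ocsp Access Location)
#   SIGNER     optional OCSP response signer certificate
# Returns 0 when a response was fetched and verified, 1 on failure,
# 2 on a usage error, 70 when libopts reports an internal error.
ocsp_check() {
    if [ "$#" -lt 3 ] || [ "$#" -gt 4 ]; then
        echo "usage: ocsp_check CERT ISSUER RESPONDER [SIGNER]" >&2
        return 2
    fi
    cert=$1 issuer=$2 responder=$3 signer=${4:-}
    resp=$(mktemp) || return 1

    # --ask must appear together with --load-cert and --load-issuer.
    rc=0
    ocsptool --ask "$responder" --load-issuer "$issuer" \
        --load-cert "$cert" --outfile "$resp" || rc=$?
    if [ "$rc" -eq 0 ] && [ ! -s "$resp" ]; then
        echo "ocsp_check: no response data written" >&2
        rc=1
    fi

    if [ "$rc" -eq 0 ]; then
        # --load-signer and --load-trust must not be combined, so pick one.
        if [ -n "$signer" ]; then
            ocsptool -e --load-signer "$signer" \
                --load-response "$resp" || rc=$?
        else
            ocsptool -e --load-trust "$issuer" \
                --load-response "$resp" || rc=$?
        fi
    fi

    rm -f "$resp"
    case $rc in
        0|70) return "$rc" ;;
        *)    return 1 ;;   # every other status counts as failure
    esac
}
```

Treat any non-zero return as "do not trust this certificate's status", and confirm on your own GnuTLS version that a bad response signature really produces a non-zero exit before relying on it in automation.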
SEE ALSO
certtool (1)
AUTHORS
Nikos Mavrogiannopoulos, Simon Josefsson and others; see /usr/share/doc/gnutls/AUTHORS for a complete list.
COPYRIGHT
Copyright (C) 2000-2014 Free Software Foundation, and others all rights reserved. This program is released under the terms of the GNU General Public License, version 3 or later.
BUGS
Please send bug reports to: bugs@gnutls.org
NOTES
This manual page was AutoGen-erated from the ocsptool option definitions.
18 Sep 2014 | 3.3.8