OCSP Protocol
hewigovens edited this page Jan 5, 2013 · 2 revisions
### OCSP Protocol

Online Certificate Status Protocol

- Daemon location: `/usr/sbin/ocspd`
- CRLs location: `/var/db/crls`

Scenario
- Clicking a certificate in Keychain Access.app sends an OCSP request to Apple.
- A signed Installer package also has its certificate verified with Apple's server.
- Example:

```
POST /ocsp-devid02 HTTP/1.1
Host: ocsp.apple.com
User-Agent: ocspd (unknown version) CFNetwork/520.4.3 Darwin/11.4.0 (x86_64) (iMac12%2C1)
Content-Length: 80
Content-Type: application/ocsp-request
Connection: close

0N0L.....0E0C0A0...+........3....h..!M....Jid<*l..W.....|.......-,...T.....&....

HTTP/1.1 200 OK
Age: 1
Date: Thu, 26 Jul 2012 22:48:07 GMT
Connection: Keep-Alive
Via: NS-CACHE-8.0: 1
ETag: "KXNANFFLFIZWXLWN"
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: application/ocsp-response
Content-Length: 3434
```
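
The printable bytes in the request body above (`0N`, `0L`, `0E`, `0C`, `0A`) read as nested DER SEQUENCE headers with lengths 78, 76, 69, 67 and 65. The following added example (not part of the original page) builds an 80-byte OCSP request with that shape and parses out the CertID fields a network monitor can read from it. The layout (explicit version, SHA-1 CertID, 8-byte serial), the function names and all sample values are assumptions constructed for illustration.

```python
import hashlib

SHA1_OID = bytes.fromhex("2b0e03021a")  # OID 1.3.14.3.2.26 (SHA-1)

def tlv(tag, body):
    """Encode one DER element; short-form length is enough for an 80-byte request."""
    if len(body) > 127:
        raise ValueError("long-form length not supported in this sketch")
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80 or pos + 2 + buf[pos + 1] > len(buf):
        raise ValueError("truncated element or long-form length")
    end = pos + 2 + buf[pos + 1]
    return buf[pos], buf[pos + 2:end], end

def build_request(name_hash, key_hash, serial):
    """OCSPRequest with an explicit version and a single SHA-1 CertID."""
    alg = tlv(0x30, tlv(0x06, SHA1_OID) + tlv(0x05, b""))
    cert_id = tlv(0x30, alg + tlv(0x04, name_hash) + tlv(0x04, key_hash) + tlv(0x02, serial))
    request_list = tlv(0x30, tlv(0x30, cert_id))
    version = tlv(0xA0, tlv(0x02, b"\x00"))
    return tlv(0x30, tlv(0x30, version + request_list))

def parse_request(der):
    """Extract the CertID fields that identify the certificate being checked."""
    tag, outer, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("body is not exactly one DER SEQUENCE")
    _, tbs, _ = read_tlv(outer)                 # TBSRequest
    tag, value, pos = read_tlv(tbs)
    while tag in (0xA0, 0xA1):                  # skip optional version / requestorName
        tag, value, pos = read_tlv(tbs, pos)
    _, request, _ = read_tlv(value)             # first Request in requestList
    _, cert_id, _ = read_tlv(request)           # CertID
    _, alg, pos = read_tlv(cert_id)
    _, oid, _ = read_tlv(alg)
    _, name_hash, pos = read_tlv(cert_id, pos)
    _, key_hash, pos = read_tlv(cert_id, pos)
    _, serial, _ = read_tlv(cert_id, pos)
    return {"hash_oid": oid.hex(), "issuer_name_hash": name_hash.hex(),
            "issuer_key_hash": key_hash.hex(), "serial": serial.hex()}

# Constructed sample values; the real bytes in the capture are not recoverable.
SAMPLE = build_request(hashlib.sha1(b"constructed issuer name").digest(),
                       hashlib.sha1(b"constructed issuer key").digest(),
                       bytes.fromhex("0123456789abcdef"))

if __name__ == "__main__":
    print(len(SAMPLE), SAMPLE[:4], parse_request(SAMPLE))
```

The issuer hashes and serial number together identify one certificate, so anything that can see the request body can tell which certificate the client was checking.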