hewigovens edited this page Jan 5, 2013 · 2 revisions

### OCSP Protocol (Online Certificate Status Protocol)

  • Daemon location: /usr/sbin/ocspd
  • CRLs location: /var/db/crls

Scenario

  • Clicking a certificate in Keychain Access.app sends an OCSP request to Apple.
  • A signed Installer package also has its certificate verified with Apple's server.
  • Example:
```
POST /ocsp-devid02 HTTP/1.1
Host: ocsp.apple.com
User-Agent: ocspd (unknown version) CFNetwork/520.4.3 Darwin/11.4.0 (x86_64) (iMac12%2C1)
Content-Length: 80
Content-Type: application/ocsp-request
Connection: close

0N0L.....0E0C0A0...+........3....h..!M....Jid<*l..W.....|.......-,...T.....&....
HTTP/1.1 200 OK
Age: 1
Date: Thu, 26 Jul 2012 22:48:07 GMT
Connection: Keep-Alive
Via: NS-CACHE-8.0:   1
ETag: "KXNANFFLFIZWXLWN"
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: application/ocsp-response
Content-Length: 3434
```
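
The 80-byte request body in the capture above is a DER-encoded OCSPRequest (RFC 6960); its printable prefix `0N0L.....0E0C0A0...+` is consistent with a version field followed by a single CertID that uses SHA-1. The Python below is an added example, not part of the original page or of Apple's code: it builds a constructed request with that layout and parses the CertID fields back out. The function names are hypothetical and the hashes and serial number are made up, not taken from the capture.

```python
import hashlib
SHA1_OID = bytes.fromhex("2b0e03021a")  # 1.3.14.3.2.26 (SHA-1)

def tlv(tag, value):
    """Encode one DER TLV; short-form length is enough for an 80-byte request."""
    assert len(value) < 0x80
    return bytes([tag, len(value)]) + value

def read_tlv(buf, pos, want):
    """Return (value, next_pos) for the TLV at pos, checking tag and bounds."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    if tag != want:
        raise ValueError(f"expected tag {want:#x}, got {tag:#x}")
    if length & 0x80:
        raise ValueError("long-form length not handled here")
    end = pos + 2 + length
    if end > len(buf):
        raise ValueError("TLV runs past end of buffer")
    return buf[pos + 2:end], end

def parse_ocsp_request(der):
    """Extract the first CertID from an unsigned OCSPRequest (RFC 6960)."""
    req, _ = read_tlv(der, 0, 0x30)            # OCSPRequest
    tbs, _ = read_tlv(req, 0, 0x30)            # TBSRequest
    pos = 0
    if tbs[:1] == b"\xa0":                     # optional explicit [0] version
        _, pos = read_tlv(tbs, 0, 0xA0)
    req_list, _ = read_tlv(tbs, pos, 0x30)     # requestList
    request, _ = read_tlv(req_list, 0, 0x30)   # Request
    cert_id, _ = read_tlv(request, 0, 0x30)    # CertID
    alg, pos = read_tlv(cert_id, 0, 0x30)      # hashAlgorithm
    oid, _ = read_tlv(alg, 0, 0x06)
    name_hash, pos = read_tlv(cert_id, pos, 0x04)
    key_hash, pos = read_tlv(cert_id, pos, 0x04)
    serial, _ = read_tlv(cert_id, pos, 0x02)
    return {"hash_oid": oid.hex(), "issuer_name_hash": name_hash.hex(),
            "issuer_key_hash": key_hash.hex(), "serial": serial.hex()}

def build_sample():
    """Constructed request; hashes and serial are made up, not from the capture."""
    alg = tlv(0x30, tlv(0x06, SHA1_OID) + tlv(0x05, b""))
    cert_id = tlv(0x30, alg
                  + tlv(0x04, hashlib.sha1(b"constructed issuer name").digest())
                  + tlv(0x04, hashlib.sha1(b"constructed issuer key").digest())
                  + tlv(0x02, bytes.fromhex("0102030405060708")))
    tbs = tlv(0xA0, tlv(0x02, b"\x00")) + tlv(0x30, tlv(0x30, cert_id))
    return tlv(0x30, tlv(0x30, tbs))
```

Because the request identifies the certificate only by issuer hashes and serial number, these are the fields to extract when reviewing proxy or packet captures of `ocspd` traffic.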