Projects / OpenCA OCSP Responder

OpenCA OCSP Responder

The OpenCA OCSP Responder is an RFC 2560 compliant OCSPD responder. It can be used to verify the status of a certificate using OCSP clients (such as Mozilla/Netscape7). The Responder is actually included in the main OpenCA distribution package. It is also possible to install the daemon as a stand-alone application, in which case you will need a CRL (or access to an LDAP server where the CRL can be obtained).

Operating Systems

Recent releases

  •  11 May 2014 23:17

    Release Notes: Changes mostly involve updating support for LibPKI 0.8.5, which fixes HTTP performances issues.

    •  06 Aug 2013 22:26

      Release Notes: This version includes updated support for LibPKI 0.8.0, several memory leak fixes, a fix for a configuration parsing error that was preventing the reloading of expired CRLs, optimized network packet managing when sending responses, a fix for using specific hash algorithms in the responder's signatures (SHA-1 is needed to support old Cisco devices), improved support for the GET HTTP method and startup error logging, and support for a new '-testmode' switch that sets the OCSP as a test responder where all signatures are invalidated by flipping the first bit in the signature.

      •  12 Feb 2011 00:51

        Release Notes: This version updates default configuration files (default passin is set to none), adds enhanced support for ECDSA, and updates thread management with built-in support from LibPKI 0.6.3. The start/stop script, a memory error in config.c that caused a segfault on CRL reload, and an extra two bytes sent out after the DER encoding of the response is written, which was causing Firefox/Thunderbird not to validate the answer were fixed. An error in the return code check for PKI_NET_listen was also fixed, along with an error in config parsing when no bind address was provided.

        •  17 Nov 2010 23:26

          Release Notes: Extensive support for hardware devices (PKCS#11 and OpenSSL Engine), multiple keypair and certificate support for response signatures, POST and GET support, and IPv6 support.

          •  21 Oct 2006 22:21

            Release Notes: Thread support was added. HTTP header parsing was improved.


            Project Spotlight


            A Fluent OpenStack client API for Java.


            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.