Create your own OCSP server

  1. This requires the support of OpenSSL in your machine. So please install OpenSSL if it is not already installed.
  2. An OpenSSL CA requires few files and some supporting directories to work. Follow the below commands to create that folder structure(Create the directory structure according to your openssl.cnf).
  1. In order to host an OCSP server, an OCSP signing certificate has to be generated. Run following 2 commands.
  • openssl req -new -nodes -out ocspSigning.csr -keyout ocspSigning.key
  • openssl ca -keyfile rootCA.key -cert rootCA.crt -in ocspSigning.csr -out ocspSigning.crt -config validation.conf
  1. If you want to revoke the certificate run following command



Associate Technical Lead @ WSO2

Love podcasts or audiobooks? Learn on the go with our new app.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store