The OCSP service of the Certification Entity of the OMC offers standardised information based on the►RFC 2560. regarding the state of a digital certificate issued by the EC-OMC indicating whether the consulted certificate is active, suspended or revoked. This service responds to the client applications that make a standardised petition and know how to interpret the response.
The OCSP service is available at the address http://ocsp.cgcom.es. The information about the service is also specified in the actual certificate on the extension AIA (Authority Information Access).
- At the address http://ocsp.cgcom.es the requests about the state of all certificates issued by the Certification Entity of the OMC are answered.
As an example of access to the OCSP of EC-OMC we will use OPENSSL:
openssl ocsp -issuer ECOMC_64.cer -cert certificado_a_validar_b64.cer -CAfile ECOMC_64.cer -url http://ocsp.cgcom.es -no_nonce -text -VAfile OMC_OSCP_Responder_64.cer
where ECOMC_64 is the intermediary root certificate of the CA-OMC encrypted in base 64, certificado_a_validar_b64.cer is the certificate to be tested encrypted in base 64 and OMC_OSCP_Responder_64.cer is the certificate for validating the encrypted certificates in base 64.
As response we will obtain:
Response verify OK
oscp_prueba_cert_b64.cert.cer: revoked
This Update: Mar 11 11:41:40 2015 GMT
Next Update: Mar 15 11:41:40 2015 GMT
Reason: keyCompromise
Revocation Time: Dec 19 10:56:03 2014 GMT
To validate the response from the OCSP server we will need the following certificates:
OCSP certificate for validation of the certificates issued by the EC-OMC encrypted in base 64- CA intermediary EC-OMC certificate encrypted in base 64
For more information, you may contact us at the address: certificacion@cgcom.es
English
Español
