OCSP Responder
OPENSOURCE SECURITY AND IDENTITY MANAGEMENT SOLUTIONS
OCSP Responder
OCSPD v3.1.2
A new version is available!

The OpenCA OCSPD project is aimed to develop a robust and easy-to-install OCSP daemon. The server is developed as a stand-alone application and can be integrated into many different PKI solutions as it does not depend on specific database scheme. Furthermore it can be used as a responder for multiple CAs.

The OCSP Responder is an rfc2560 compliant OCSPD responder. The purpose of such a server is to provide an on-line tool to verify the status of a certificate (such as Mozilla/Firefox/Netscape7).

The Responder was included into the main OpenCA distribution package. It is also possible to install the daemon as a stand-alone application, all you will need is a CRL (or access to an LDAP server where to get the CRL from).

The software is reported to work with Mozilla/Netscape. If you have carried out some testing and want to discuss it with us, please just send an e-mail or subscribe the ocspd mailing lists.

VULNERABILITIES REPORTING

In order to report issues or vulnerabilities found in the software, please use the dedicated ocspd-issues -at- openca -dot- org address for private submissions or the OCSPD issues tracker for public issues.

OCSPD v3.1.2 (Diamond)
by #madwolf @ 04.06.2018

The new version (v3.1.2/Diamond) of the OpenCA's OCSPD is available. This release provides fixes over the previous one. Some of which are: updated requirement for libpki (now 0.8.9), improved HTTP messages handling, fixed responderId generation for the keyid case, initial skeleton support for responses caching, fixed memory leak issues for CRL reloading. Download the new version for your system in the OCSPD download pages.

OCSPD v3.1.1 (Rodeo)
by #madwolf @ 13.08.2014

The new version (v3.1.1/Rodeo) of the OpenCA's OCSPD is available. This release provides fixes over the previous one. Some of which are: updated requirement for libpki (now 0.8.8), fixed generating normal responses when crlCheckValidity is set to '0' and the CRL is outside its validity period (previous behavior was to send a tryLater response). Download the new version for your system in the OCSPD download pages.

LIBPKI UPGRADE REQUIRED
by #madwolf @ 24.03.2015

A new version of LibPKI (v0.8.8) is available for download. The new version fixes important bugs that might affect the installation of the OCSPD. Everybody is STRONGLY encouraged to upgrade the LibPKI package to the latest available version.

OCSPD v3.1.0 (Steamy)
by #madwolf @ 13.08.2014

The new version (v3.1.0/Steamy) of the OpenCA's OCSPD is available. This release provides many new features and fixes over the previous one. Some of which are: updated support for libpki 0.8.7, fixed HTTP GET message handling, leverage the new PKI_MEM encoding interface, enhanced performances (up to 8,000 signatures per second in software). Download the new version for your system in the OCSPD download pages.

OCSPD v3.0.0 (FreeDom)
by #madwolf @ 10.05.2014

The new version (v3.0.0/FreeDom) of the OpenCA's OCSPD is available. Changes mostly involve updating support for LibPKI 0.8.5 which fixes HTTP performances issues. Download the new version for your system in the OCSPD download pages.

OCSPD v2.4.3 (BeHappy)
by #madwolf @ 24.09.2013

The new version (v2.4.3/BeHappy) of the OpenCA's OCSPD is available. Changes mostly involve updating support for LibPKI 0.8.1 which fixes a URI parsing issue with HTTP GET requests. Download the new version for your system in the OCSPD download pages.

OCSPD v2.4.2 (Ocampa)
by madwolf @ 03.08.2013

A new version of the OCSPD responder is available for download. Major improvements over the last publicly available version are: updated support for LibPKI 0.8.0, fixed start/stop script, fixed memory leaks, fixed error in configuration that prevented the reloading of expired CRLs, improved response time, fixed support for GET request types.

OCSPD v2.1.0 (Ellie)
by madwolf @ 11.02.2011

A new version of the OCSPD responder is available for download. Major improvements over the last publicly available version are: Updated default configuration files (default passin set to none), enhanced support for ECDSA support, updated thread management with builtin support from LibPKI 0.6.3, fixed start/stop script, fixed a memory error in config.c causing segfault on CRL reload, deleted extra two bytes sent out after the DER encoding of the response is written (that was causing Firefox/Thunderbird not to validate the answer), fixed an error in return code check for PKI_NET_listen, fixed error in config parsing when no bind address was provided.

OCSPD Firefox Fix
by madwolf @ 19.11.2010

Due to a bug in Firefox (memory management), you need to have the OCSPD to be compiled against the LibPKI v0.6.1+. Please download the source code and re-compile the daemon once you updated the crypto library.

OCSPD 2.0.0
by madwolf @ 17.11.2010

A new version of the OCSPD responder is available for download. Major improvements over the last publicly available version (mostly coming from supporting for LibPKI v0.6.0) are: extensive support for hardware devices (PKCS#11 and OpenSSL Engine), multiple keypair and certificate support for response signatures, POST and GET support, IPv6 support.

OCSPD 1.9.0-rc1
by madwolf @ 21.10.2006

New release candidate (rc1) available for download. Major improvements are: threads support and improved HTTP headers parsing.

68,190