is the format for "index.txt" database file of a CA defined somewhere?
I want to run "openssl ocsp" as a small test OCSP responder, which
needs this index file as input. For testing purposes I would like to
manipulate some lines of this file, but I can't find any documentation
about the format?
By the way, is there a possibility to use a real database instead
of this plain ASCII file?
Thanks in advance,
Marco
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org
Hi=20
=20
The index.txt is an ascii file consisting of four fields
=20
eg ) V 051213070133Z B3500880020644B6 unknown /C=3DIN/ST=3DTamilNadu=
/O=3Dcbe/CN=3Dtest
=20
where:
V - Certificate is Valid (R for revoked cer=
tificates )
051213070133Z - Date upto which the certificate is valid
B3500880020644B6 - Serial number of the certificate
/C=3DIN/ST=3DTamilNadu/O=3Dcbe/CN=3Dtest - subject of the certificate
Thanks,
Prakash
Thanks in advance,
Marco
=09
---------------------------------
Start your day with Yahoo! - make it your home page=20
--0-516030346-1124977267=:50614
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
<DIV>Hi </DIV>
<DIV> </DIV>
<DIV>The index.txt is an ascii file consisting of four fields</DIV>
<DIV> </DIV>
<DIV><STRONG>eg ) V 051213070133Z B3500=
880020644B6 unknown /C=3DIN/ST=3DTamilNadu/O=3Dcbe/CN=3Dtest</=
STRONG></DIV>
<DIV><STRONG></STRONG> </DIV>
<DIV><STRONG>where:</STRONG></DIV>
<DIV> V &=
nbsp; &n=
bsp; - Certificate is Valid (R for re=
voked certificates )<BR> 051213070133Z =
- Date upto which the certificate is valid<BR> B3=
500880020644B6 - Serial number of the certificate<BR> /C=3DIN/=
ST=3DTamilNadu/O=3Dcbe/CN=3Dtest - subject of the certificate<BR><BR>Than=
ks,</DIV>
<DIV>Prakash</DIV>
<DIV><BR><B><I>Marco Klasmeyer <marco.k...@smgwtest.aachen.utimac=
o.de></I></B> wrote:</DIV>
<BLOCKQUOTE class=3Dreplbq style=3D"PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #1010ff 2px solid">Hello,<BR><BR>is the format for "index.tx=
t" database file of a CA defined somewhere?<BR>I want to run "openssl ocs=
p" as a small test OCSP responder, which<BR>needs this index file as inpu=
t. For testing purposes I would like to<BR>manipulate some lines of this =
file, but I can't find any documentation<BR>about the format?<BR><BR>By t=
he way, is there a possibility to use a real database instead<BR>of this =
plain ASCII file?<BR><BR>Thanks in advance,<BR>Marco<BR><BR>_____________=
_________________________________________________________<BR>OpenSSL Proj=
ect http://www.openssl.org<BR>User Support Mailing List openssl-users@ope=
nssl.org<BR>Automated List Manager majo...@openssl.org<BR></BLOCKQUOTE>=
<p>
<hr size=3D1> <a href=3D"http://us.rd.yahoo.com/evt=3D34442/*http://www=
.yahoo.com/r/hs">Start your day with Yahoo! - make it your home page </a>
--0-516030346-1124977267=:50614--
The index.txt file is an ascii file consisting of 6 (not 4) tab-separated
fields. Some of those fields may be empty and might appear not to exist at
all.
The 6 fields are:
0) Entry type. May be "V" (valid), "R" (revoked) or "E" (expired).
Note that an expired may have the type "V" because the type has
not been updated. 'openssl ca updatedb' does such an update.
1) Expiration datetime.
2) Revokation datetime. This is set for any entry of the type "R".
3) Serial number.
4) File name of the certificate. This doesn't seem to be used,
ever, so it's always "unknown".
5) Certificate subject name.
prakash babu writes:
> Hi
>
> The index.txt is an ascii file consisting of four fields
>
> eg ) V 051213070133Z B3500880020644B6 unknown /C=IN/ST=TamilNadu/O=cbe/CN=test
>
> where:
> V - Certificate is Valid (R for revoked certificates )
> 051213070133Z - Date upto which the certificate is valid
> B3500880020644B6 - Serial number of the certificate
> /C=IN/ST=TamilNadu/O=cbe/CN=test - subject of the certificate
>
> Thanks,
> Prakash
>
> Marco Klasmeyer <marco.k...@smgwtest.aachen.utimaco.de> wrote:
> Hello,
>
> is the format for "index.txt" database file of a CA defined somewhere?
> I want to run "openssl ocsp" as a small test OCSP responder, which
> needs this index file as input. For testing purposes I would like to
> manipulate some lines of this file, but I can't find any documentation
> about the format?
>
> By the way, is there a possibility to use a real database instead
> of this plain ASCII file?
>
> Thanks in advance,
> Marco
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openss...@openssl.org
> Automated List Manager majo...@openssl.org
>
>
> ---------------------------------
> Start your day with Yahoo! - make it your home page
-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.
--
Richard Levitte ric...@levitte.org
http://richard.levitte.org/
"When I became a man I put away childish things, including
the fear of childishness and the desire to be very grown up."
-- C.S. Lewis
Thanks to all,
Marco
> *eg ) V 051213070133Z B3500880020644B6 unknown
> /C=IN/ST=TamilNadu/O=cbe/CN=test*
> **
> *where:*
> V - Certificate is Valid (R for revoked
> certificates )
and E for expired.
> 051213070133Z - Date upto which the certificate is valid
> B3500880020644B6 - Serial number of the certificate
> /C=IN/ST=TamilNadu/O=cbe/CN=test - subject of the certificate
If a certificate is revoked, there is another
field with the date of revocation, so a revoked
entry looks like this:
R 060920165425Z 050315152021Z 0B unknown /C=US/O=Organization/CN=Name
In the other cases (Valid and Expired), there is still an empty
field in this (so between the expiry date and the serial number
there are two tabulators). So the format is:
E|R|V<tab>Expiry<tab>[RevocationDate]<tab>Serial<tab>unknown<tab>SubjectDN
Cheers, Olaf
--
Dipl.Inform. Olaf Gellert PRESECURE (R)
Senior Researcher, Consulting GmbH
Phone: (+49) 0700 / PRESECURE o...@pre-secure.de
A daily view on Internet Attacks
https://www.ecsirt.net/sensornet