Format of file index.txt database of a CA

Marco Klasmeyer

unread,

Aug 25, 2005, 6:59:00 AM8/25/05

to

Hello,

is the format for "index.txt" database file of a CA defined somewhere?
I want to run "openssl ocsp" as a small test OCSP responder, which
needs this index file as input. For testing purposes I would like to
manipulate some lines of this file, but I can't find any documentation
about the format?

By the way, is there a possibility to use a real database instead
of this plain ASCII file?

Thanks in advance,
Marco

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org

prakash babu

unread,

Aug 25, 2005, 9:41:34 AM8/25/05

to

--0-516030346-1124977267=:50614
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

Hi=20
=20
The index.txt is an ascii file consisting of four fields
=20
eg ) V 051213070133Z B3500880020644B6 unknown /C=3DIN/ST=3DTamilNadu=
/O=3Dcbe/CN=3Dtest
=20
where:
V - Certificate is Valid (R for revoked cer=
tificates )
051213070133Z - Date upto which the certificate is valid
B3500880020644B6 - Serial number of the certificate
/C=3DIN/ST=3DTamilNadu/O=3Dcbe/CN=3Dtest - subject of the certificate

Thanks,
Prakash

Thanks in advance,
Marco

=09
---------------------------------
Start your day with Yahoo! - make it your home page=20
--0-516030346-1124977267=:50614
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

<DIV>Hi </DIV>
<DIV> </DIV>
<DIV>The index.txt is an ascii file consisting of four fields</DIV>
<DIV> </DIV>
<DIV><STRONG>eg )   V  051213070133Z  B3500=
880020644B6  unknown /C=3DIN/ST=3DTamilNadu/O=3Dcbe/CN=3Dtest</=
STRONG></DIV>
<DIV><STRONG></STRONG> </DIV>
<DIV><STRONG>where:</STRONG></DIV>
<DIV> V          &=
nbsp;           &n=
bsp;      - Certificate is Valid  (R for re=
voked certificates )<BR> 051213070133Z     =
    - Date upto which the certificate is valid<BR> B3=
500880020644B6  - Serial number of the certificate<BR> /C=3DIN/=
ST=3DTamilNadu/O=3Dcbe/CN=3Dtest - subject of the certificate<BR><BR>Than=
ks,</DIV>
<DIV>Prakash</DIV>
<DIV><BR><B><I>Marco Klasmeyer <marco.k...@smgwtest.aachen.utimac=
o.de></I></B> wrote:</DIV>
<BLOCKQUOTE class=3Dreplbq style=3D"PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #1010ff 2px solid">Hello,<BR><BR>is the format for "index.tx=
t" database file of a CA defined somewhere?<BR>I want to run "openssl ocs=
p" as a small test OCSP responder, which<BR>needs this index file as inpu=
t. For testing purposes I would like to<BR>manipulate some lines of this =
file, but I can't find any documentation<BR>about the format?<BR><BR>By t=
he way, is there a possibility to use a real database instead<BR>of this =
plain ASCII file?<BR><BR>Thanks in advance,<BR>Marco<BR><BR>_____________=
_________________________________________________________<BR>OpenSSL Proj=
ect http://www.openssl.org<BR>User Support Mailing List openssl-users@ope=
nssl.org<BR>Automated List Manager majo...@openssl.org<BR></BLOCKQUOTE>=
<p>
<hr size=3D1> <a href=3D"http://us.rd.yahoo.com/evt=3D34442/*http://www=
.yahoo.com/r/hs">Start your day with Yahoo! - make it your home page </a>
--0-516030346-1124977267=:50614--

Richard Levitte

unread,

Aug 25, 2005, 10:55:42 AM8/25/05

to

Correction:

The index.txt file is an ascii file consisting of 6 (not 4) tab-separated
fields. Some of those fields may be empty and might appear not to exist at
all.

The 6 fields are:

0) Entry type. May be "V" (valid), "R" (revoked) or "E" (expired).
Note that an expired may have the type "V" because the type has
not been updated. 'openssl ca updatedb' does such an update.
1) Expiration datetime.
2) Revokation datetime. This is set for any entry of the type "R".
3) Serial number.
4) File name of the certificate. This doesn't seem to be used,
ever, so it's always "unknown".
5) Certificate subject name.

prakash babu writes:

> Hi

>
> The index.txt is an ascii file consisting of four fields
>

> eg ) V 051213070133Z B3500880020644B6 unknown /C=IN/ST=TamilNadu/O=cbe/CN=test
>
> where:
> V - Certificate is Valid (R for revoked certificates )

> 051213070133Z - Date upto which the certificate is valid
> B3500880020644B6 - Serial number of the certificate

> /C=IN/ST=TamilNadu/O=cbe/CN=test - subject of the certificate

>
> Thanks,
> Prakash
>
> Marco Klasmeyer <marco.k...@smgwtest.aachen.utimaco.de> wrote:
> Hello,
>
> is the format for "index.txt" database file of a CA defined somewhere?
> I want to run "openssl ocsp" as a small test OCSP responder, which
> needs this index file as input. For testing purposes I would like to
> manipulate some lines of this file, but I can't find any documentation
> about the format?
>
> By the way, is there a possibility to use a real database instead
> of this plain ASCII file?
>
> Thanks in advance,
> Marco
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openss...@openssl.org
> Automated List Manager majo...@openssl.org
>
>

> ---------------------------------
> Start your day with Yahoo! - make it your home page

-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.

--
Richard Levitte ric...@levitte.org
http://richard.levitte.org/

"When I became a man I put away childish things, including
the fear of childishness and the desire to be very grown up."
-- C.S. Lewis

Marco Klasmeyer

unread,

Aug 25, 2005, 11:30:39 AM8/25/05

to

That clarifies everything!

Thanks to all,
Marco

Olaf Gellert

unread,

Aug 25, 2005, 12:29:20 PM8/25/05

to

prakash babu wrote:

> *eg ) V 051213070133Z B3500880020644B6 unknown
> /C=IN/ST=TamilNadu/O=cbe/CN=test*
> **
> *where:*

> V - Certificate is Valid (R for revoked
> certificates )

and E for expired.

> 051213070133Z - Date upto which the certificate is valid
> B3500880020644B6 - Serial number of the certificate
> /C=IN/ST=TamilNadu/O=cbe/CN=test - subject of the certificate

If a certificate is revoked, there is another
field with the date of revocation, so a revoked
entry looks like this:

R 060920165425Z 050315152021Z 0B unknown /C=US/O=Organization/CN=Name

In the other cases (Valid and Expired), there is still an empty
field in this (so between the expiry date and the serial number
there are two tabulators). So the format is:

E|R|V<tab>Expiry<tab>[RevocationDate]<tab>Serial<tab>unknown<tab>SubjectDN

Cheers, Olaf

--
Dipl.Inform. Olaf Gellert PRESECURE (R)
Senior Researcher, Consulting GmbH
Phone: (+49) 0700 / PRESECURE o...@pre-secure.de

A daily view on Internet Attacks
https://www.ecsirt.net/sensornet

birajdar...@gmail.com

unread,

Jan 19, 2015, 7:10:59 AM1/19/15

to

Dear Olaf Gellert,

I am unable to identify the date & time (example - dd/mm/yyhhmmss) format of Expiration date-time (date upto which the certificate is valid.)

for example: 051213070133Z

Please specify the exact Expiration date-time format.

Response awaited.

Regards,
Manjiri Birajdar
Project Engineer
C-DAC, Pune

cco...@instartlogic.com

unread,

Feb 11, 2015, 7:47:28 PM2/11/15

to

On Monday, January 19, 2015 at 4:10:59 AM UTC-8, birajdar...@gmail.com wrote:
> for example: 051213070133Z

yymmddHHMMSSZ (Z = Zulu = UTC)

Yes, two digit year... who still does this nowadays?