ASWI - Pokročilé softwarové inženýrství » ASWI 2021 » Aplikace pro správu X.509 certifikátů (Yoso Czech s.r.o.) - JMSD

Implement an OCSP endpoint

• application endpoint that reads the OSCP request from the request (in case of get -> URL parameter, in case of POST request body - see RFC for details)
• endpoint will be GET/POST /api/ocsp/{ca_id}
• OCSP request will be passed to CRL/OCSP service
• CRL/OCSP service will generate the index file and calls (maybe via cryptography service) OpenSSL to generate OCSP response. The response is then returned to the controller.
• Both response and request are DER encoded data, so they are not readable...
• For signing OCSP additional certificate issued by the CA corresponding to the OCSP endpoint must be used. (this can be checked in RFC)

Reviewer: Jan Pašek