Versions Compared

Old Version 3

changes.mady.by.user Josefin Klang

Saved on

compared with

New Version 4

changes.mady.by.user Ylva Andersson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
ocsp_client -verbose -url <url> -certstore <trust-store> -nonce
-servicelocator <url> -authcert <certificate> -authpin <pin>
-pkcs11lib <lib> -provider <provider> -signalg <algorithm>
-signcert <certificate> -signpin <pin> -[no]chain <serial-nr> ...

Table...


Options and ArgumentsDescription
-authcert <certificate>

The certificate to use for TLS client authentication. Replace <certificate> with either the filename of the PKCS12 encoded token or unique part of subject DN of certificates in PKCS11 key store. See also -pkcs11lib.

-authpin <pin>Replace <pin> with the pin to use for accessing the key associated with the certificate.
-certstore <trust-store>Replace <trust-store> with the name of a file containing root CAs and subordinate CAs.
-signcert <certificate>The certificate to use for signing the OCSP request. Replace <certificate> with either the filename of PKCS12 encoded token or unique part of subject DN of certificates in PKCS11 key store. See also -pkcs11lib.
-signpin <pin>Replace <pin> with the pin to use for accessing the key associated with the certificate.
-chainUse this option to add a certificate chain to the signed OCSP request. Only the signature certificate will be used in the signed OCSP request by default.
-nochainUse this option to not add the signature certificate or chain to the signed OCSP request.
-nonceUse this option to add a random nonce to the request.
-pkcs11lib <lib>Replace <lib> with the name of a PKCS11 library. Must be specified to use authentication or signature certificate in a PKCS11 key store.
-provider <provider>Replace <provider> with the provider name or class name of a JCE provider to perform the signature.
-servicelocator <url>Replace <url> with the location of an alternate OCSP responder that the responder we query can redirect the request to.
-signalg <algorithm>Replace <algorithm> with the name of the signature algorithm to use.
-url <url>Replace <url> with the location of the OCSP responder to send a request to.
-verboseUse this option to print out debug data and more information about the response.
<serial-nr>Either a file containing the certificate one wants to query the status of or a certificate serial number and issuer name specified as: <number>:<issuer DN or part of>. The number can be specified either as decimal or as hexadecimal, prefixed with 0x.

...