Ping a Specific Port

Question

StanTastic

Asked: 2021-09-29 02:47:36 +0800 CST2021-09-29 02:47:36 +0800 CST 2021-09-29 02:47:36 +0800 CST

Check OCSP on Linux with GET method

772

I want to verify operation of Microsoft OCSP server from Linux. I tried using OpenSSL, but it always returns:

Error querying OCSP responder 140643157128320:error:27076072:OCSP routines:parse_http_line1:server response error:../crypto/ocsp/ocsp_ht.c:260:Code=405,Reason=Method Not Allowed

I checked on the server side and noticed that OpenSSL uses POST method, as opposed to GET method used by certutil (which works fine):

# certutil Request
2021-09-28 10:26:51 10.11.12.13 GET /ocsp/<OCSP request> - 80 - 10.11.12.14 Microsoft-CryptoAPI/10.0 - 200 0 0 4583
# OpenSSL Request
2021-09-28 10:26:51 10.11.12.13 POST / - 80 - 10.11.12.15 - - 405 0 1 5991

Seems that OpenSSL can't be forced to use GET instead of post, but perhaps there's some other utility?

Or conversely, is there a method to force MS OCSP responder to work with POST as well?

1 Answers

Voted

garethTheRed · Answer 1 · 2021-10-02T04:57:50+08:00

Best Answer

garethTheRed

2021-10-02T04:57:50+08:002021-10-02T04:57:50+08:00

You need to add the -no_nonce option to OpenSSL.

Microsoft OCSP server doesn't support nonce in the requests.

2

Check OCSP on Linux with GET method

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?