spacebar/ocsp-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
36 Commits 1 Branch 0 Tags
300d0c735e074ca734a499c5f02f71bd32c64095
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Renovate Bot 300d0c735e squash: fix(deps): update module golang.org/x/crypto to v0.40.0 
Squashed commit of the following:

* fix(deps): update module golang.org/x/crypto to v0.40.0

See merge request https://ref.ci/fsrvcorp/pki/ocspcrl/-/merge_requests/7
2025-07-11 06:19:08 +00:00
.github/workflows
ci: add github release workflow
2025-04-21 18:00:07 +02:00
init
fix: systemd stuff; pipeline; packagebuild
2025-01-22 13:32:24 +01:00
internal
style: please the linters
2025-01-22 13:34:40 +01:00
.gitignore
feat: crl support, metrics
2025-01-21 08:33:49 +01:00
.gitlab-ci.yml
chore(deps): update goreleaser/goreleaser docker digest to 1661cf5
2025-07-09 10:27:52 +00:00
.goreleaser.yaml
fix: systemd stuff; pipeline; packagebuild
2025-01-22 13:32:24 +01:00
go.mod
squash: fix(deps): update module golang.org/x/crypto to v0.40.0
2025-07-11 06:19:08 +00:00
go.sum
squash: fix(deps): update module golang.org/x/crypto to v0.40.0
2025-07-11 06:19:08 +00:00
LICENSE
doc: add license info file
2025-04-21 15:56:29 +00:00
main.go
feat: add ca endpoints
2025-06-21 19:03:10 +00:00
README.md
feat: add ca endpoints
2025-06-21 19:03:10 +00:00
renovate.json
squash: chore: Configure Renovate
2025-04-21 16:17:47 +00:00
test.sh
feat: crl support, metrics
2025-01-21 08:33:49 +01:00

README.md

OCSPCRL

OCSPCRL is a minimal implementation of both a OCSP and CRL server in Golang. It provides the following http endpoints:

Endpoint Description
/ocsp OCSP responder supporting both GET and POST requests
/crl CRL responder in DER format
/crl.pem CRL responder in PEM format
/ca Issuer CA certificate in DER format
/ca.pem Issuer CA certificate in PEM format

All what you need is to provide a CRL file, the root certificate and cert/key with extendedKeyUsage OCSPSigning to allow the OCSP server to sign the OCSP responses. When using OCSP, the certificate is checked against the CRL for validity.

Synchronization of the CAs CRL is out of scope of this project. You can use any mechanism to update the CRL file. Just notify the ocspcrl server process via SIGHUP signal to reload the CRL file.

Reference in New Issue View Git Blame Copy Permalink
Description
A OCSP responder and CRL server written in Go
Readme 96 KiB
Languages
Go 95.9%
Shell 4.1%