ocspd - Man Page

OCSP Daemon


openca-ocspd [-d] [-p n] [-b address] [-c file] [-md digest] [-k passwd] [-i passin] [-e engine] [-r chroot_dir] [-v]


The openca-ocspd is an RFC2560 compliant OCSPD responder. It can be used to verify the status of a certificate using OCSP clients (such as Mozilla/Netscape7).



detach the main process from the calling process.

-p n

specifies the port to bind to. Default is 2560.

-b address

specifies the IP address to bind to. Default behaviour is to listen to every IP available (equal to '*' value).

-c file

specifies the configuration file to be loaded. Default file loaded is /usr/local/etc/ocspd.conf.

-md digest

specifies the digest to be used when generating responses. Default is sha1.

-k passwd

specifies the password to be used when loading the private key.

-i passin

the key password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

-engine id

specifying an engine (by it's unique id string) will cause the responder to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.

-r chroot_dir

Chroot the application into the specified directory.


this prints extra details about the operations being performed.


Actually not extensive testing has been carried out, anyway this daemon is reported to work with Mozilla/Netscape.

To reload the certificate's db simply send a SIGHUP to the main process ( kill -s SIGHUP pid ).


        openca-ocspd -c contrib/ocspd.conf


Massimiliano Pala <madwolf@openca.org>

See Also

openca(3),openssl(1), ocsp(1)

Referenced By


2007-04-17 openca-ocspd 1.5.1 OpenCA Contributed Manual