urlscan.io logo urlscan.io
SecurityTrails logo

support.axway.com Open in urlscan Pro
91.221.255.126  Public Scan

Back to summary
URL: https://support.axway.com/kb/178502/language/en
Submission: On January 12 via manual from US — Scanned from FR

Form analysis 0 forms found in the DOM

Text Content

Skip to main contentGo to home pageOpens in a new tab
Support


RESULTS FOR

No results.

Esc


SEARCH FOR WITHIN DOCUMENTATION PORTAL

 *  * Documentation
    * Developer
    * Community
    * Support
    * University
    * Download Center
      * Products
      * Extensions
      * Premium Modules
   
    * --------------------------------------------------------------------------------
   
    * Axway.com
    * Blogs
    * YouTube Channel

EN
 * English
 * Français

PlatformSign in


KB ARTICLE #178502


HOW TO DECODE AN OCSP REQUEST OR OCSP RESPONSE




PROBLEM

OCSP requests and OCSP responses are present in log files as base64 blobs and it
is not clear how to decode them, particularly on machines that are unable to
download tools from the internet.




RESOLUTION

The OCSP traffic has two layers of encoding: the outer layer is base64 encoding
and the inner layer is ASN.1 decoding. The OpenSSL command line tool ships with
most VA-family products and can decode that into a human-readable format with a
few commands. The examples assume that OpenSSL is on your path. Otherwise you
may have to run the commands from the directory containing the OpenSSL command
line tool and reference all the files via their full path.




First, save the base64 blob from the logs into a file which I will call
base64.txt in the examples below, then decode it into a binary ASN.1 encoded
file named ocsp.bin like so:




openssl enc -d -A -base64 -in base64.txt -out ocsp.bin




Next, decode the OCSP request or response. There's a different command depending
on which of the two you have:




OCSP Request:

openssl ocsp -reqin ocsp.bin -text -noverify




OCSP Response:

openssl ocsp -respin ocsp.bin -text -noverify




This will print out the full response in a human-readable way that is useful for
debugging, similar to the following:




OCSP Request Data:
    Version: 1 (0x0)
    Requestor List:
        Certificate ID:
          Hash Algorithm: sha1
          Issuer Name Hash: FD48ADDDCB7B00E20E842AA9B409F1AC3034CF96
          Issuer Key Hash: A0EA7389DB29FB108F9EE50120D4DE79994883F7
          Serial Number: 9014195F66FAFF8FD66E12496E516F4F
    Request Extensions:
        OCSP Nonce:
            0010DA634F2ADC31DC48AE89BE64E8252D12
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Version: 1 (0x0)
    Responder Id: A0EA7389DB29FB108F9EE50120D4DE79994883F7
    Produced At: Jan  1 08:45:00 2014 GMT
    Responses:
    Certificate ID:
      Hash Algorithm: sha1
      Issuer Name Hash: FD48ADDDCB7B00E20E842AA9B409F1AC3034CF96
      Issuer Key Hash: A0EA7389DB29FB108F9EE50120D4DE79994883F7
      Serial Number: 9114195F66FAFF8FD66E12496E516F4F
    Cert Status: good
    This Update: Jan  1 08:45:00 2014 GMT
    Next Update: Jan 16 09:00:00 2014 GMT
    Signature Algorithm: sha1WithRSAEncryption
         50:21:4c:dc:84:21:f7:a8:ac:a7:b9:bc:10:19:f8:19:f1:34:
         c1:63:ca:14:7f:8f:5a:85:2a:cc:02:b0:f8:b5:05:4a:0f:28:
         50:2a:4a:4d:04:01:b5:05:ef:a5:88:41:d8:9d:38:00:7d:76:
         1a:aa:ff:21:50:68:90:d2:0c:93:85:49:e7:8e:f1:58:08:77:
         a0:4e:e2:22:98:01:b7:e3:27:75:11:f5:b7:8f:e0:75:7d:19:
         9b:74:cf:05:dc:ae:1c:36:09:95:b6:08:bc:e7:3f:ea:a2:e3:
         ae:d7:8f:c0:9d:8e:c2:37:67:c7:5b:d8:b0:67:23:f1:51:53:
         26:c2:96:b0:1a:df:4e:fb:4e:e3:da:a3:98:26:59:a8:d7:17:
         69:87:a3:68:47:08:92:d0:37:04:6b:49:9a:96:9d:9c:b1:e8:
         cb:dc:68:7b:4a:4d:cb:08:f7:92:67:41:99:b6:54:56:80:0c:
         18:a7:24:53:ac:c6:da:1f:4d:f4:3c:7d:68:44:1d:a4:df:1d:
         48:07:85:52:86:59:46:d1:35:45:1a:c7:6b:6b:92:de:24:ae:
         c0:97:66:54:29:7a:c6:86:a6:da:9f:06:24:dc:ac:80:66:95:
         e0:eb:49:fd:fb:d4:81:6a:2b:81:41:57:24:78:3b:e0:66:70:
         d4:2e:52:92
cert.pem: good
    This Update: Jan  1 08:45:00 2014 GMT
    Next Update: Jan 16 09:00:00 2014 GMT










STILL NEED HELP?

If this information wasn't helpful to you, just drop us a line. We'll get back
to you as soon as possible.


GENERAL INFORMATION

This article is flagged

Published: 28 March 2017 Last Modified: 20 November 2018



CATEGORIES

 * Customer




AFFECTED PRODUCTS

 * Validation Authority All Versions
 * Desktop Validator All Versions
 * Server Validator All Versions


AFFECTED OS

 * win-x86-64
 * win-x86-32
 * sun-sparc-64
 * sun-sparc-32
 * linux-x86-64
 * linux-x86-32
 * ap-x86-64
 * ...Other


RELATED ARTICLES

 * 8 JAN 2015 OpenSSL Security Advisory Effects on Validation Authority, Desktop
   Validator & Server Validator
 * Does Validation Authority, Desktop Validator or Server Validator contain
   Kaspersky Lab code?
 * Do Apache POI or STRUTS CVEs apply to DV, SV or VA?
 * VA and the OpenSSL Security Advisory [3 Dec 2015]
 * Desktop Validator is Not Vulnerable to Heartbleed (CVE-2014-0160)

 * ©2022 Axway, All Rights Reserved.

 * Terms of Use
 * Privacy Statement
 * Code of Ethics
 * Privacy Compliance Program - GDPR

 * 
 * 
 * 
 * 
 * 
 *