support.axway.com
Open in
urlscan Pro
91.221.255.126
Public Scan
URL:
https://support.axway.com/kb/178502/language/en
Submission: On January 12 via manual from US — Scanned from FR
Submission: On January 12 via manual from US — Scanned from FR
Form analysis
0 forms found in the DOMText Content
Skip to main contentGo to home pageOpens in a new tab Support RESULTS FOR No results. Esc SEARCH FOR WITHIN DOCUMENTATION PORTAL * * Documentation * Developer * Community * Support * University * Download Center * Products * Extensions * Premium Modules * -------------------------------------------------------------------------------- * Axway.com * Blogs * YouTube Channel EN * English * Français PlatformSign in KB ARTICLE #178502 HOW TO DECODE AN OCSP REQUEST OR OCSP RESPONSE PROBLEM OCSP requests and OCSP responses are present in log files as base64 blobs and it is not clear how to decode them, particularly on machines that are unable to download tools from the internet. RESOLUTION The OCSP traffic has two layers of encoding: the outer layer is base64 encoding and the inner layer is ASN.1 decoding. The OpenSSL command line tool ships with most VA-family products and can decode that into a human-readable format with a few commands. The examples assume that OpenSSL is on your path. Otherwise you may have to run the commands from the directory containing the OpenSSL command line tool and reference all the files via their full path. First, save the base64 blob from the logs into a file which I will call base64.txt in the examples below, then decode it into a binary ASN.1 encoded file named ocsp.bin like so: openssl enc -d -A -base64 -in base64.txt -out ocsp.bin Next, decode the OCSP request or response. There's a different command depending on which of the two you have: OCSP Request: openssl ocsp -reqin ocsp.bin -text -noverify OCSP Response: openssl ocsp -respin ocsp.bin -text -noverify This will print out the full response in a human-readable way that is useful for debugging, similar to the following: OCSP Request Data: Version: 1 (0x0) Requestor List: Certificate ID: Hash Algorithm: sha1 Issuer Name Hash: FD48ADDDCB7B00E20E842AA9B409F1AC3034CF96 Issuer Key Hash: A0EA7389DB29FB108F9EE50120D4DE79994883F7 Serial Number: 9014195F66FAFF8FD66E12496E516F4F Request Extensions: OCSP Nonce: 0010DA634F2ADC31DC48AE89BE64E8252D12 OCSP Response Data: OCSP Response Status: successful (0x0) Response Type: Basic OCSP Response Version: 1 (0x0) Responder Id: A0EA7389DB29FB108F9EE50120D4DE79994883F7 Produced At: Jan 1 08:45:00 2014 GMT Responses: Certificate ID: Hash Algorithm: sha1 Issuer Name Hash: FD48ADDDCB7B00E20E842AA9B409F1AC3034CF96 Issuer Key Hash: A0EA7389DB29FB108F9EE50120D4DE79994883F7 Serial Number: 9114195F66FAFF8FD66E12496E516F4F Cert Status: good This Update: Jan 1 08:45:00 2014 GMT Next Update: Jan 16 09:00:00 2014 GMT Signature Algorithm: sha1WithRSAEncryption 50:21:4c:dc:84:21:f7:a8:ac:a7:b9:bc:10:19:f8:19:f1:34: c1:63:ca:14:7f:8f:5a:85:2a:cc:02:b0:f8:b5:05:4a:0f:28: 50:2a:4a:4d:04:01:b5:05:ef:a5:88:41:d8:9d:38:00:7d:76: 1a:aa:ff:21:50:68:90:d2:0c:93:85:49:e7:8e:f1:58:08:77: a0:4e:e2:22:98:01:b7:e3:27:75:11:f5:b7:8f:e0:75:7d:19: 9b:74:cf:05:dc:ae:1c:36:09:95:b6:08:bc:e7:3f:ea:a2:e3: ae:d7:8f:c0:9d:8e:c2:37:67:c7:5b:d8:b0:67:23:f1:51:53: 26:c2:96:b0:1a:df:4e:fb:4e:e3:da:a3:98:26:59:a8:d7:17: 69:87:a3:68:47:08:92:d0:37:04:6b:49:9a:96:9d:9c:b1:e8: cb:dc:68:7b:4a:4d:cb:08:f7:92:67:41:99:b6:54:56:80:0c: 18:a7:24:53:ac:c6:da:1f:4d:f4:3c:7d:68:44:1d:a4:df:1d: 48:07:85:52:86:59:46:d1:35:45:1a:c7:6b:6b:92:de:24:ae: c0:97:66:54:29:7a:c6:86:a6:da:9f:06:24:dc:ac:80:66:95: e0:eb:49:fd:fb:d4:81:6a:2b:81:41:57:24:78:3b:e0:66:70: d4:2e:52:92 cert.pem: good This Update: Jan 1 08:45:00 2014 GMT Next Update: Jan 16 09:00:00 2014 GMT STILL NEED HELP? If this information wasn't helpful to you, just drop us a line. We'll get back to you as soon as possible. GENERAL INFORMATION This article is flagged Published: 28 March 2017 Last Modified: 20 November 2018 CATEGORIES * Customer AFFECTED PRODUCTS * Validation Authority All Versions * Desktop Validator All Versions * Server Validator All Versions AFFECTED OS * win-x86-64 * win-x86-32 * sun-sparc-64 * sun-sparc-32 * linux-x86-64 * linux-x86-32 * ap-x86-64 * ...Other RELATED ARTICLES * 8 JAN 2015 OpenSSL Security Advisory Effects on Validation Authority, Desktop Validator & Server Validator * Does Validation Authority, Desktop Validator or Server Validator contain Kaspersky Lab code? * Do Apache POI or STRUTS CVEs apply to DV, SV or VA? * VA and the OpenSSL Security Advisory [3 Dec 2015] * Desktop Validator is Not Vulnerable to Heartbleed (CVE-2014-0160) * ©2022 Axway, All Rights Reserved. * Terms of Use * Privacy Statement * Code of Ethics * Privacy Compliance Program - GDPR * * * * * *