GNU/Linux ◆ rxvt-unicode-256color ◆ zsh 3303 views

This screencast demonstrates some basic Certomancer configuration. It takes you through the following scenarios:

  • Generating keys (the example uses RSA, but DSA and ECDSA are also supported)
  • Generating a CA certificate with a subordinate certificate
  • Setting up OCSP
  • Simulating certificate revocation

Note: due to terminal aspect ratio issues, the last bit of the openssl ocsp command might be cut off. This is the full invocation:

openssl ocsp -VAfile ocsp-responder.cert.pem -issuer ca.cert.pem \
   -cert alice.cert.pem -url http://localhost:9000/demo/ocsp/ocsp-service