OpenSSL::OCSP

module OpenSSL::OCSP

OpenSSL::OCSP implements Online Certificate Status Protocol requests and responses.

Creating and sending an OCSP request requires a subject certificate that contains an OCSP URL in an authorityInfoAccess extension and the issuer certificate for the subject certificate. First, load the issuer and subject certificates:

subject = OpenSSL::X509::Certificate.new subject_pem
issuer  = OpenSSL::X509::Certificate.new issuer_pem

To create the request we need to create a certificate ID for the subject certificate so the CA knows which certificate we are asking about:

digest = OpenSSL::Digest::SHA1.new
certificate_id =
  OpenSSL::OCSP::Certificate