This repository contains a Java 11 implementation of a Certificate Revocation List (CRL) Distribution Point and an Online Certificate Status Protocol (OCSP) Responder.
It is a Dropwizard app that responds to CRL requests and OCSP requests for a given CA. You need to give the app
access to the CA's index file (which is effectively the CA's database), the CRL file, and a Java KeyStore
containing the key and certificate chain used to sign the OCSP responses. All of this is configured in conf.yml.
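How rows of a CA index file translate into OCSP certificate statuses, as an added example that is not code from this repository. It assumes the index file uses the tab-separated layout written by `openssl ca` (flag, expiry, revocation time with optional reason, hex serial, file name, subject); the class and method names are hypothetical and the sample rows are constructed.

```java
import java.math.BigInteger;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

public class IndexStatusExample {
    enum Status { GOOD, REVOKED, UNKNOWN }

    // Parse rows of an OpenSSL-style index file into serial -> row fields.
    // Columns (tab-separated): flag, expiry, revocation[,reason], serial (hex), file, subject DN.
    static Map<BigInteger, String[]> parse(List<String> lines) {
        Map<BigInteger, String[]> db = new HashMap<>();
        for (String line : lines) {
            String[] f = line.split("\t", -1);
            if (f.length != 6 || f[0].length() != 1) continue; // skip malformed rows
            try {
                db.put(new BigInteger(f[3], 16), f);
            } catch (NumberFormatException e) {
                // serial column is not hex: ignore the row rather than guess
            }
        }
        return db;
    }

    // Map an index row to the status an OCSP response would carry.
    static Status status(Map<BigInteger, String[]> db, BigInteger serial) {
        String[] row = db.get(serial);
        if (row == null) return Status.UNKNOWN;  // never issued by this CA: must not be "good"
        switch (row[0].charAt(0)) {
            case 'V': return Status.GOOD;
            case 'R': return Status.REVOKED;     // row[2] holds the time and optional reason
            default:  return Status.UNKNOWN;     // e.g. 'E' (expired): conservative choice in this example
        }
    }

    public static void main(String[] args) {
        // Constructed sample rows, not taken from any real CA.
        List<String> index = List.of(
            "V\t300101000000Z\t\t1000\tunknown\t/CN=good.example.test",
            "R\t300101000000Z\t240601120000Z,keyCompromise\t1001\tunknown\t/CN=revoked.example.test",
            "E\t200101000000Z\t\t1002\tunknown\t/CN=expired.example.test");
        Map<BigInteger, String[]> db = parse(index);
        for (String hex : List.of("1000", "1001", "1002", "DEADBEEF")) {
            System.out.println(hex + " -> " + status(db, new BigInteger(hex, 16)));
        }
    }
}
```

A serial that is absent from the index maps to UNKNOWN rather than GOOD, so a certificate the CA never issued is not reported as valid.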
To test the application, run the following commands.
To package the application, run:
mvn package
To run the server, run:
java -jar target/revoker-0.1.0.jar server conf.yml
To use the admin operational menu, navigate a browser to:
You can use the following openssl command to test that the OCSP responder works correctly:
openssl ocsp -CAfile intermediate/certs/ca-chain.cert.pem \
-url -resp_text \
-issuer intermediate/certs/intermediate.cert.pem \
-cert intermediate/certs/