This repository was archived by the owner on Oct 6, 2021. It is now read-only.
This repository was archived by the owner on Oct 6, 2021. It is now read-only.
Implement OCSP responder #7
Description
Not necessarily core functionality (the service itself can be fully functional without it), but being able to check certificate status separately may be good; that said, the same (and determining the user of a valid certificate) can be accomplished through the regular public-facing API.
Should we decide to implement this, it's likely to be its own server so that it can live at a different URL: the API should live at /api/v1, but the direct CA functionality should live at /CA. It'll be a fairly basic application either way: serve a static file for the CRL and use the OpenSSL wrapper to serve an OCSP response.