1# This Source Code Form is subject to the terms of the Mozilla Public 2# License, v. 2.0. If a copy of the MPL was not distributed with this 3# file, You can obtain one at http://mozilla.org/MPL/2.0/. 4 5scenario OCSPD 6 7#root CA 8entity OCSPRoot 9 type Root 10 export_key 11 12#CA - OK 13entity OCSPCA1 14 type Intermediate 15 issuer OCSPRoot 16 serial 1 17 ocsp online 18 export_key 19 20#CA - revoked 21entity OCSPCA2 22 type Intermediate 23 issuer OCSPRoot 24 serial 2 25 ocsp online 26 export_key 27 28#CA - unknown status 29entity OCSPCA3 30 type Intermediate 31 issuer OCSPRoot 32 serial 3 33 ocsp offline 34 export_key 35 36#EE - OK 37entity OCSPEE11 38 type EE 39 issuer OCSPCA1 40 serial 1 41 ocsp online 42 43#EE - revoked on OCSP 44entity OCSPEE12 45 type EE 46 issuer OCSPCA1 47 serial 2 48 ocsp online 49 50#EE - revoked on CRL 51entity OCSPEE13 52 type EE 53 issuer OCSPCA1 54 serial 3 55 ocsp online 56 57#EE - revoked on OCSP and CRL 58entity OCSPEE14 59 type EE 60 issuer OCSPCA1 61 serial 4 62 ocsp online 63 64#EE - unknown status 65entity OCSPEE15 66 type EE 67 issuer OCSPCA1 68 serial 5 69 ocsp offline 70 71#EE - valid EE, revoked CA 72entity OCSPEE21 73 type EE 74 issuer OCSPCA2 75 serial 1 76 ocsp online 77 78#EE - revoked EE, revoked CA 79entity OCSPEE22 80 type EE 81 issuer OCSPCA2 82 serial 2 83 ocsp online 84 85#EE - revoked EE, CA pointing to invalid OCSP 86entity OCSPEE23 87 type EE 88 issuer OCSPCA2 89 serial 3 90 ocsp offline 91 92#EE - valid EE, CA pointing to invalid OCSP 93entity OCSPEE31 94 type EE 95 issuer OCSPCA3 96 serial 1 97 ocsp online 98 99#EE - revoked EE, CA pointing to invalid OCSP 100entity OCSPEE32 101 type EE 102 issuer OCSPCA3 103 serial 2 104 ocsp online 105 106#EE - EE pointing to invalid OCSP, CA pointing to invalid OCSP 107entity OCSPEE33 108 type EE 109 issuer OCSPCA3 110 serial 3 111 ocsp offline 112 113crl OCSPRoot 114 115revoke OCSPRoot 116 serial 2 117 118crl OCSPCA1 119 120revoke OCSPCA1 121 serial 2 122 123revoke OCSPCA1 124 serial 4 125 126crl OCSPCA2 127 128revoke OCSPCA2 129 serial 2 130 131revoke OCSPCA2 132 serial 3 133 134crl OCSPCA3 135 136revoke OCSPCA3 137 serial 2 138 139revoke OCSPCA3 140 serial 3 141 142# Used for running a single OCSP server (httpserv) instance that can 143# handle multiple CAs, e.g.: 144# httpserv -p 8641 -d . -f dbpasswd \ 145# -A OCSPRoot -C OCSPRoot.crl -A OCSPCA1 -C OCSPCA1.crl \ 146# -A OCSPCA2 -C OCSPCA2.crl -A OCSPCA3 -C OCSPCA3.crl 147db Server 148import OCSPRoot::CT,C,C 149import_key OCSPRoot 150import_key OCSPCA1 151import_key OCSPCA2 152import_key OCSPCA3 153 154# A DB containing all certs, but no keys. 155# Useful for manual OCSP client testing, e.g.: 156# ocspclnt -d . -S OCSPEE12OCSPCA1 -u s 157db Client 158import OCSPRoot::CT,C,C 159import OCSPCA1OCSPRoot:: 160import OCSPCA2OCSPRoot:: 161import OCSPCA3OCSPRoot:: 162import OCSPEE11OCSPCA1:: 163import OCSPEE12OCSPCA1:: 164import OCSPEE13OCSPCA1:: 165import OCSPEE14OCSPCA1:: 166import OCSPEE15OCSPCA1:: 167import OCSPEE21OCSPCA2:: 168import OCSPEE22OCSPCA2:: 169import OCSPEE23OCSPCA2:: 170import OCSPEE31OCSPCA3:: 171import OCSPEE32OCSPCA3:: 172import OCSPEE33OCSPCA3:: 173