Configure OCSP server
The OCSP server components included in SecureBlackbox implement only the OCSP functionality itself and rely on external HTTP(S) server components to process HTTP requests. Either HTTPBlackbox or any other HTTP implementation that can pass OCSP requests on for external handling will do.
Prior to implementing the OCSP responder, the HTTP server component needs to be set up and configured. Your server should be able to: (1) handle POST requests with 'application/ocsp-request' content type; (2) forward them to the request handler; (3) receive results from the handler; (4) send them back as an HTTP response with 'application/ocsp-response' content type.
The OCSP request handler expects a properly formed OCSP request as input (received from the HTTP server) and returns the corresponding OCSP response.
// Create the OCSP server component.
TElOCSPServer ocspServer = new TElOCSPServer();

// Put the signing certificate and the CA certificate (both loaded beforehand) into the signing storage.
TElMemoryCertStorage signingCerts = new TElMemoryCertStorage();
signingCerts.Add(signingCert, true);
signingCerts.Add(caCert, true);
ocspServer.SigningCertStorage = signingCerts;
ocspServer.IncludeCertificates = true;
ocspServer.ResponderIdType = TElResponderIDType.ritName;

// Certificate status callback. Attach it to the OCSP server's certificate check event before processing requests.
void handleCertificateCheck(object sender, byte[] hashAlgOID, byte[] issuerNameHash, byte[] issuerKeyHash, byte[] certificateSerial, ref TElOCSPCertificateStatus certStatus, ref TSBCRLReasonFlag reasonFlag, ref DateTime revocationTime, ref DateTime thisUpdate, ref DateTime nextUpdate)
{
    // You are expected to check your database for the up-to-date status of the requested certificate.
    // The certificate in question is identified by its unique serial number.
    // Having established the status, you need to adjust the values of certStatus, reasonFlag and revocationTime accordingly.
    // Independently of whether the certificate is revoked or not, set thisUpdate to the time of the last
    // certificate status update in the database, and nextUpdate to the time when the next update is expected.
}

// Process the request received from the HTTP server; reply receives the OCSP response to send back.
ocspServer.ProducedAt = DateTime.UtcNow;
ocspServer.ProcessRequest(request, ref reply);
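
The four HTTP server requirements listed above can be met with the .NET HttpListener class, as in the following added example (it is not SecureBlackbox or HTTPBlackbox code). The class name, the size cap and the URL prefix are assumptions, and the handler delegate stands in for your own code that calls ocspServer.ProcessRequest, assuming the request and reply are byte arrays.

```csharp
using System;
using System.Net;

// Added example: HTTP front end for an OCSP request handler (all names are hypothetical).
static class OcspHttpFrontEnd
{
    const int MaxRequestBytes = 64 * 1024;   // assumed cap; bounds memory used per request

    // 'handler' wraps the OCSP request handler: encoded request in, encoded response out.
    public static void Serve(string prefix, Func<byte[], byte[]> handler)
    {
        var listener = new HttpListener();
        listener.Prefixes.Add(prefix);       // e.g. "http://localhost:8080/ocsp/" (assumed)
        listener.Start();
        while (true)
        {
            HttpListenerContext ctx = listener.GetContext();
            try { Handle(ctx, handler); }
            catch (Exception) { ctx.Response.Abort(); }   // one failed request must not stop the responder
        }
    }

    static void Handle(HttpListenerContext ctx, Func<byte[], byte[]> handler)
    {
        HttpListenerRequest req = ctx.Request;
        string type = (req.ContentType ?? "").Split(';')[0].Trim();
        int status = 0;
        if (req.HttpMethod != "POST") status = 405;                       // (1) POST only
        else if (!type.Equals("application/ocsp-request", StringComparison.OrdinalIgnoreCase)) status = 415;
        else if (req.ContentLength64 <= 0) status = 411;                  // empty or undeclared length
        else if (req.ContentLength64 > MaxRequestBytes) status = 413;     // oversized body
        if (status != 0) { ctx.Response.StatusCode = status; ctx.Response.Close(); return; }

        // Read exactly the declared number of bytes, which is already known to be within the cap.
        byte[] body = new byte[(int)req.ContentLength64];
        int read = 0, n;
        while (read < body.Length && (n = req.InputStream.Read(body, read, body.Length - read)) > 0) read += n;
        if (read != body.Length) { ctx.Response.StatusCode = 400; ctx.Response.Close(); return; }

        byte[] reply = handler(body);        // (2) forward to the handler, (3) receive its result
        ctx.Response.StatusCode = 200;       // (4) return it with the OCSP response content type
        ctx.Response.ContentType = "application/ocsp-response";
        ctx.Response.ContentLength64 = reply.Length;
        ctx.Response.OutputStream.Write(reply, 0, reply.Length);
        ctx.Response.Close();
    }
}
```

The loop handles one request at a time, so a slow client delays the others; a production responder would dispatch each context to a worker and apply read timeouts.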