michael@0: # This Source Code Form is subject to the terms of the Mozilla Public michael@0: # License, v. 2.0. If a copy of the MPL was not distributed with this michael@0: # file, You can obtain one at http://mozilla.org/MPL/2.0/. michael@0: michael@0: scenario OCSPD michael@0: michael@0: #root CA michael@0: entity OCSPRoot michael@0: type Root michael@0: export_key michael@0: michael@0: #CA - OK michael@0: entity OCSPCA1 michael@0: type Intermediate michael@0: issuer OCSPRoot michael@0: serial 1 michael@0: ocsp online michael@0: export_key michael@0: michael@0: #CA - revoked michael@0: entity OCSPCA2 michael@0: type Intermediate michael@0: issuer OCSPRoot michael@0: serial 2 michael@0: ocsp online michael@0: export_key michael@0: michael@0: #CA - unknown status michael@0: entity OCSPCA3 michael@0: type Intermediate michael@0: issuer OCSPRoot michael@0: serial 3 michael@0: ocsp offline michael@0: export_key michael@0: michael@0: #EE - OK michael@0: entity OCSPEE11 michael@0: type EE michael@0: issuer OCSPCA1 michael@0: serial 1 michael@0: ocsp online michael@0: michael@0: #EE - revoked on OCSP michael@0: entity OCSPEE12 michael@0: type EE michael@0: issuer OCSPCA1 michael@0: serial 2 michael@0: ocsp online michael@0: michael@0: #EE - revoked on CRL michael@0: entity OCSPEE13 michael@0: type EE michael@0: issuer OCSPCA1 michael@0: serial 3 michael@0: ocsp online michael@0: michael@0: #EE - revoked on OCSP and CRL michael@0: entity OCSPEE14 michael@0: type EE michael@0: issuer OCSPCA1 michael@0: serial 4 michael@0: ocsp online michael@0: michael@0: #EE - unknown status michael@0: entity OCSPEE15 michael@0: type EE michael@0: issuer OCSPCA1 michael@0: serial 5 michael@0: ocsp offline michael@0: michael@0: #EE - valid EE, revoked CA michael@0: entity OCSPEE21 michael@0: type EE michael@0: issuer OCSPCA2 michael@0: serial 1 michael@0: ocsp online michael@0: michael@0: #EE - revoked EE, revoked CA michael@0: entity OCSPEE22 michael@0: type EE michael@0: issuer OCSPCA2 michael@0: serial 2 michael@0: ocsp online michael@0: michael@0: #EE - revoked EE, CA pointing to invalid OCSP michael@0: entity OCSPEE23 michael@0: type EE michael@0: issuer OCSPCA2 michael@0: serial 3 michael@0: ocsp offline michael@0: michael@0: #EE - valid EE, CA pointing to invalid OCSP michael@0: entity OCSPEE31 michael@0: type EE michael@0: issuer OCSPCA3 michael@0: serial 1 michael@0: ocsp online michael@0: michael@0: #EE - revoked EE, CA pointing to invalid OCSP michael@0: entity OCSPEE32 michael@0: type EE michael@0: issuer OCSPCA3 michael@0: serial 2 michael@0: ocsp online michael@0: michael@0: #EE - EE pointing to invalid OCSP, CA pointing to invalid OCSP michael@0: entity OCSPEE33 michael@0: type EE michael@0: issuer OCSPCA3 michael@0: serial 3 michael@0: ocsp offline michael@0: michael@0: crl OCSPRoot michael@0: michael@0: revoke OCSPRoot michael@0: serial 2 michael@0: michael@0: crl OCSPCA1 michael@0: michael@0: revoke OCSPCA1 michael@0: serial 2 michael@0: michael@0: revoke OCSPCA1 michael@0: serial 4 michael@0: michael@0: crl OCSPCA2 michael@0: michael@0: revoke OCSPCA2 michael@0: serial 2 michael@0: michael@0: revoke OCSPCA2 michael@0: serial 3 michael@0: michael@0: crl OCSPCA3 michael@0: michael@0: revoke OCSPCA3 michael@0: serial 2 michael@0: michael@0: revoke OCSPCA3 michael@0: serial 3 michael@0: michael@0: # Used for running a single OCSP server (httpserv) instance that can michael@0: # handle multiple CAs, e.g.: michael@0: # httpserv -p 8641 -d . -f dbpasswd \ michael@0: # -A OCSPRoot -C OCSPRoot.crl -A OCSPCA1 -C OCSPCA1.crl \ michael@0: # -A OCSPCA2 -C OCSPCA2.crl -A OCSPCA3 -C OCSPCA3.crl michael@0: db Server michael@0: import OCSPRoot::CT,C,C michael@0: import_key OCSPRoot michael@0: import_key OCSPCA1 michael@0: import_key OCSPCA2 michael@0: import_key OCSPCA3 michael@0: michael@0: # A DB containing all certs, but no keys. michael@0: # Useful for manual OCSP client testing, e.g.: michael@0: # ocspclnt -d . -S OCSPEE12OCSPCA1 -u s michael@0: db Client michael@0: import OCSPRoot::CT,C,C michael@0: import OCSPCA1OCSPRoot:: michael@0: import OCSPCA2OCSPRoot:: michael@0: import OCSPCA3OCSPRoot:: michael@0: import OCSPEE11OCSPCA1:: michael@0: import OCSPEE12OCSPCA1:: michael@0: import OCSPEE13OCSPCA1:: michael@0: import OCSPEE14OCSPCA1:: michael@0: import OCSPEE15OCSPCA1:: michael@0: import OCSPEE21OCSPCA2:: michael@0: import OCSPEE22OCSPCA2:: michael@0: import OCSPEE23OCSPCA2:: michael@0: import OCSPEE31OCSPCA3:: michael@0: import OCSPEE32OCSPCA3:: michael@0: import OCSPEE33OCSPCA3::