Reference

show ssl ocsp-response

On this page

Available since

  • HAProxy 2.5
  • HAProxy Enterprise 2.5r1

Show the Online Certificate Status Protocol (OCSP) response for an SSL/TLS certificate.

Description Jump to heading

Use the show ssl ocsp-response command to display the IDs of the OCSP tree entries corresponding to all the OCSP responses used in the load balancer, as well as the issuer’s name and key hash and the serial number of the certificate for which the OCSP response was built.

To display the contents of a specific OCSP response, provide the response ID as an argument. The information displayed is the same as in an openssl ocsp -respin ocsp-response -text call.

You can also display the OCSP response using show ssl cert.

Examples Jump to heading

Show all OCSP tree entries.

nix
echo "show ssl ocsp-response" | \
  sudo socat stdio tcp4-connect:127.0.0.1:9999
nix
echo "show ssl ocsp-response" | \
  sudo socat stdio tcp4-connect:127.0.0.1:9999
output
text
# Certificate IDs
   Certificate ID key : 303b300906052b0e03021a050004148a83e0060faff709ca7e9b95522a2e81635fda0a0414f652b0e435d5ea923851508f0adbe92d85de007a0202100a
      Certificate ID:
      Issuer Name Hash: 8A83E0060FAFF709CA7E9B95522A2E81635FDA0A
      Issuer Key Hash: F652B0E435D5EA923851508F0ADBE92D85DE007A
      Serial Number: 100A
output
text
# Certificate IDs
   Certificate ID key : 303b300906052b0e03021a050004148a83e0060faff709ca7e9b95522a2e81635fda0a0414f652b0e435d5ea923851508f0adbe92d85de007a0202100a
      Certificate ID:
      Issuer Name Hash: 8A83E0060FAFF709CA7E9B95522A2E81635FDA0A
      Issuer Key Hash: F652B0E435D5EA923851508F0ADBE92D85DE007A
      Serial Number: 100A

Show the details for the specified OCSP response.

nix
echo "show ssl ocsp-response 303b300906052b0e03021a050004148a83e0060faff709ca7e9b95522a2e81635fda0a0414f652b0e435d5ea923851508f0adbe92d85de007a0202100a" | \
  sudo socat stdio tcp4-connect:127.0.0.1:9999
nix
echo "show ssl ocsp-response 303b300906052b0e03021a050004148a83e0060faff709ca7e9b95522a2e81635fda0a0414f652b0e435d5ea923851508f0adbe92d85de007a0202100a" | \
  sudo socat stdio tcp4-connect:127.0.0.1:9999
output
text
OCSP Response Data:
   OCSP Response Status: successful (0x0)
   Response Type: Basic OCSP Response
   Version: 1 (0x0)
   Responder Id: C = FR, O = HAProxy Technologies, CN = ocsp.haproxy.com
   Produced At: May 27 15:43:38 2021 GMT
   Responses:
   Certificate ID:
      Hash Algorithm: sha1
      Issuer Name Hash: 8A83E0060FAFF709CA7E9B95522A2E81635FDA0A
      Issuer Key Hash: F652B0E435D5EA923851508F0ADBE92D85DE007A
      Serial Number: 100A
   Cert Status: good
   This Update: May 27 15:43:38 2021 GMT
   Next Update: Oct 12 15:43:38 2048 GMT
   [...]
output
text
OCSP Response Data:
   OCSP Response Status: successful (0x0)
   Response Type: Basic OCSP Response
   Version: 1 (0x0)
   Responder Id: C = FR, O = HAProxy Technologies, CN = ocsp.haproxy.com
   Produced At: May 27 15:43:38 2021 GMT
   Responses:
   Certificate ID:
      Hash Algorithm: sha1
      Issuer Name Hash: 8A83E0060FAFF709CA7E9B95522A2E81635FDA0A
      Issuer Key Hash: F652B0E435D5EA923851508F0ADBE92D85DE007A
      Serial Number: 100A
   Cert Status: good
   This Update: May 27 15:43:38 2021 GMT
   Next Update: Oct 12 15:43:38 2048 GMT
   [...]

Available since

  • HAProxy 2.8
  • HAProxy Enterprise 2.8r1

Show the specified OCSP response in base64.

nix
echo "show ssl ocsp-response base64 /etc/hapee-3.0/certs/cert.pem" | \
  sudo socat stdio tcp4-connect:127.0.0.1:9999
nix
echo "show ssl ocsp-response base64 /etc/hapee-3.0/certs/cert.pem" | \
  sudo socat stdio tcp4-connect:127.0.0.1:9999
output
text
MIIB8woBAKCCAewwggHoBgkrBgEFBQcwAQEEggHZMIIB1TCBvqE[...]
output
text
MIIB8woBAKCCAewwggHoBgkrBgEFBQcwAQEEggHZMIIB1TCBvqE[...]

See also Jump to heading

Do you have any suggestions on how we can improve the content of this page?

Previous page show ssl crt-list Next page show ssl ocsp-updates
© 2024 HAProxy Technologies, LLC. All Rights Reserved
Manage Cookie Preferences