Online Certificate Status Query (OCSP)
Online validation of certificate status
Online validation determines, in real time, the current status of any certificate issued by the Subordinate CA. It uses the OCSP protocol, in accordance with the standard [RFC2560], so there is no need to consult the latest CRL issued by the Subordinate CA.
OCSP service
The OCSP service processes requests sent over HTTP by applications and services that use OCSP to query the revocation status of certificates issued by the Subordinate CA (for example, to verify signatures or to embed OCSP responses in signatures). It returns OCSP responses containing the revocation status of the requested certificates, in accordance with the standard [RFC2560].
OCSP service access URI
The OCSP service is reached over HTTP at the following URLs:
http://ocsp1.uanataca.com/public/pki/ocsp/
http://ocsp2.uanataca.com/public/pki/ocsp/
OCSP validation with OpenSSL
The following example command uses OpenSSL to check the status of a certificate from the command line:
openssl ocsp -issuer EclipsoftCASUB.cer -serial 0X8053ED40025B7D -url http://ocsp1.uanataca.com/public/pki/ocsp/ -text
Supply the certificate's serial number and the Subordinate CA certificate to obtain a response similar to this one:
openssl ocsp -issuer EclipsoftCASUB.cer -serial 0X8053ED40025B7D -url http://ocsp1.uanataca.com/public/pki/ocsp/ -text
OCSP Request Data:
Version: 1 (0x0)
Requestor List:
Certificate ID:
Hash Algorithm: sha1
Issuer Name Hash: CA5607581C8DDBB31323E331CFB4917641BCA886
Issuer Key Hash: 2D71EFB0637FF5FDE08322447F441030814F4DE5
Serial Number: 8053ED40025B7D
Request Extensions:
OCSP Nonce:
0410483EE28F1CD6E48AC1BE3CA3DD2F62F9
OCSP Response Data:
OCSP Response Status: successful (0x0)
Response Type: Basic OCSP Response
Version: 1 (0x0)
Responder Id: C = ES, L = Barcelona (see current address at www.uanataca.com/address), O = UANATACA S.A., OU = TSP-UANATACA, CN = OCSP de UANATACA - OCSP01
Produced At: Jun 23 20:10:32 2022 GMT
Responses:
Certificate ID:
Hash Algorithm: sha1
Issuer Name Hash: CA5607581C8DDBB31323E331CFB4917641BCA886
Issuer Key Hash: 2D71EFB0637FF5FDE08322447F441030814F4DE5
Serial Number: 8053ED40025B7D
Cert Status: revoked
Revocation Time: Jan 31 08:24:21 2022 GMT
This Update: Jun 23 19:50:32 2022 GMT
Next Update: Jun 23 20:30:32 2022 GMT
Response Single Extensions:
OCSP Archive Cutoff:
Dec 3 00:00:00 2009 GMT
Response Extensions:
OCSP Nonce:
0410483EE28F1CD6E48AC1BE3CA3DD2F62F9
Signature Algorithm: sha256WithRSAEncryption
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8492606829297758341 (0x75dbccea5d597085)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=ES, L=Barcelona (see current address at www.uanataca.com/address), O=UANATACA S.A., OU=TSP-UANATACA, CN=UANATACA CA1 2016/2.5.4.97=VATES-A66721499
Validity
Not Before: Mar 8 11:38:22 2021 GMT
Not After : Mar 8 11:38:22 2023 GMT
Subject: C=ES, L=Barcelona (see current address at www.uanataca.com/address), O=UANATACA S.A., OU=TSP-UANATACA, CN=OCSP de UANATACA - OCSP01
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
Authority Information Access:
CA Issuers - URI:http://www.uanataca.com/public/download/tsp_certificates/trustedRoot.p7c
X509v3 Subject Key Identifier:
56:FE:BB:3A:DA:47:F7:5D:CE:BD:25:04:E6:97:18:24:A9:CD:9F:CA
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Authority Key Identifier:
keyid:2D:71:EF:B0:63:7F:F5:FD:E0:83:22:44:7F:44:10:30:81:4F:4D:E5
OCSP No Check:
qcStatements:
0705.....F...+http://www.uanataca.com/public/pki/OCSP-DS/
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.47286.1.6
CPS:http://www.uanataca.com/public/pki/dpc/
User Notice:
Explicit Text: Certificado OCSP de UANATACA. Ver http://www.uanataca.com/public/pki/dpc/
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl1.uanataca.com/public/pki/crl/CA1subordinada.crl
Full Name:
URI:http://crl2.uanataca.com/public/pki/crl/CA1subordinada.crl
X509v3 Key Usage: critical
Digital Signature, Non Repudiation
X509v3 Extended Key Usage: critical
OCSP Signing
X509v3 Subject Alternative Name:
email:info@uanataca.com
Signature Algorithm: sha256WithRSAEncryption
Response Verify Failure
4470744748:error:27FFF065:OCSP routines:CRYPTO_internal:certificate verify error:/AppleInternal/Library/BuildRoots/66382bca-8bca-11ec-aade-6613bcf0e2ee/Library/Caches/com.apple.xbs/Sources/libressl/libressl-2.8/crypto/ocsp/ocsp_vfy.c:141:Verify error:unable to get local issuer certificate
0X8053ED40025B7D: revoked
This Update: Jun 23 19:50:32 2022 GMT
Next Update: Jun 23 20:30:32 2022 GMT
Revocation Time: Jan 31 08:24:21 2022 GMT
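The output above ends with "Response Verify Failure" (unable to get local issuer certificate), so the "revoked" status it prints comes from a response whose signature was not validated. The shell function below is an added example, not part of the original page: it reads captured openssl ocsp output and reports the certificate status only when the response verified. The function name ocsp_verdict and the file name chain.pem are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). Typical use, where chain.pem is
# a hypothetical file holding the CA certificates that anchor the responder:
#   out=$(openssl ocsp -issuer EclipsoftCASUB.cer -serial 0X8053ED40025B7D \
#         -url http://ocsp1.uanataca.com/public/pki/ocsp/ -CAfile chain.pem 2>&1)
#   ocsp_verdict "$out" 0X8053ED40025B7D

# Print GOOD or REVOKED only when the response signature verified and its
# thisUpdate/nextUpdate window is current; otherwise UNVERIFIED or UNKNOWN.
ocsp_verdict() {
    out=$1
    serial=$2
    # openssl prints this exact line once the signer chains to a trusted CA.
    if ! printf '%s\n' "$out" | grep -qx 'Response verify OK'; then
        echo UNVERIFIED
        return 0
    fi
    # Printed when the response is outside its validity window.
    if printf '%s\n' "$out" | grep -q '^WARNING: Status times invalid'; then
        echo UNVERIFIED
        return 0
    fi
    # The summary line has the form "<serial as given>: <status>".
    line=$(printf '%s\n' "$out" | grep -F -- "$serial: " | head -n 1)
    case ${line#"$serial: "} in
        good)    echo GOOD ;;
        revoked) echo REVOKED ;;
        *)       echo UNKNOWN ;;
    esac
}

# Constructed samples: the summary lines of the page's output, and the same
# lines as they would read after a successful signature check.
SAMPLE_UNVERIFIED='Response Verify Failure
0X8053ED40025B7D: revoked
This Update: Jun 23 19:50:32 2022 GMT'
SAMPLE_VERIFIED='Response verify OK
0X8053ED40025B7D: revoked
This Update: Jun 23 19:50:32 2022 GMT'

ocsp_verdict "$SAMPLE_UNVERIFIED" 0X8053ED40025B7D   # signature not checked
ocsp_verdict "$SAMPLE_VERIFIED" 0X8053ED40025B7D     # status can be relied on
```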