42 lines
1.5 KiB
YAML
42 lines
1.5 KiB
YAML
services:
|
|
# OCSP (Online Certificate Status Protocol) Responder Service
|
|
#
|
|
# This service provides real-time certificate validation for the development environment.
|
|
# It works with certificates generated by ./scripts/generate-certificates.sh and imported
|
|
# by ./scripts/import-certificates.sh.
|
|
#
|
|
# Configuration Parameters:
|
|
# ------------------------
|
|
# Port: 8888 - OCSP responder listens for validation requests
|
|
# Index File: - Lists all issued certificates (/ca/intermediate-ca/index.txt)
|
|
# CA Certificate: - Issuer's certificate (/ca/intermediate-ca/intermediate.crt)
|
|
# OCSP Key Pair: - Responder credentials (/ca/ocsp-responder/ocsp.{key,crt})
|
|
# Validity Period: - Responses valid for 1 day (-ndays 1)
|
|
#
|
|
# Test Certificate Status:
|
|
# ----------------------
|
|
# openssl ocsp -url http://ocsp.localhost.example:8888 \
|
|
# -issuer _data/certs/ca/intermediate-ca/intermediate.crt \
|
|
# -CAfile _data/certs/chain1.pem \
|
|
# -cert _data/certs/server1.crt \
|
|
# -text
|
|
ocsp-responder:
|
|
image: alpine:latest
|
|
volumes:
|
|
- ./_data/certs/ca:/ca
|
|
command:
|
|
- /bin/sh
|
|
- -c
|
|
- |
|
|
apk add --no-cache openssl &&
|
|
openssl ocsp -port 8888 -text \
|
|
-index /ca/intermediate-ca/index.txt \
|
|
-CA /ca/intermediate-ca/intermediate.crt \
|
|
-rkey /ca/ocsp-responder/ocsp.key \
|
|
-rsigner /ca/ocsp-responder/ocsp.crt \
|
|
-ndays 1
|
|
ports:
|
|
- "8888:8888"
|
|
networks:
|
|
openfire-federated-net:
|
|
ipv4_address: 172.50.0.88 |