OpenSSL has an ocsp querying facility that can be useful if you’re testing a responder or just curious how the online certificate status protocol works. To use it:
openssl ocsp -issuer IssuingCert.txt -cert ServerCert.txt -url http://ocsp.wherever.com -CAfile CAchain.txt
Here’s an example response where the certificate has been marked as revoked.
Response verify OK ServerCert.txt: revoked This Update: Nov 20 15:43:49 2010 GMT Next Update: Dec 4 17:43:49 2010 GMT Reason: unspecified Revocation Time: Mar 31 21:37:52 2009 GMT
And one marked as acceptable.
Response verify OK ServerCert.txt: good This Update: Nov 20 11:20:51 2010 GMT Next Update: Nov 27 11:20:51 2010 GMT
Responses can have several error status codes. Here’s the list of possible errors from RFC 2560.
malformedRequest (1), --Illegal confirmation request internalError (2), --Internal error in issuer tryLater (3), --Try again later --(4) is not used sigRequired (5), --Must sign the request unauthorized (6) --Request unauthorized
The OS X shell is very powerful, but some wonderfully useful commands are almost entirely unknown to the community at large. Two of these forgotten commands are pbcopy and pbpaste. Let’s take a quick look at what they can do.
This command allows you to copy text from stdin into the clipboard1 buffer. Trivial example:
echo 'Hello World!' | pbcopy
“Hello World!” is now in your clipboard.
Pastes from your clipboard to stdout. Trivial example:
This will echo the contents of your clipboard. If you’re following along you’ll see “Hello World!”.
What can’t you do! Oh, you want examples? Well…
Let me know what amazing things you come up with to enhance your own productivity!