Format of file index.txt database of a CA

Format of file index.txt database of a CA

Marco Klasmeyer
Hello,

is the format for "index.txt" database file of a CA defined somewhere?
I want to run "openssl ocsp" as a small test OCSP responder, which
needs this index file as input. For testing purposes I would like to
manipulate some lines of this file, but I can't find any documentation
about the format?

By the way, is there a possibility to use a real database instead
of this plain ASCII file?

Thanks in advance,
Marco

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Re: Format of file index.txt database of a CA

prakash babu
Hi
 
The index.txt is an ascii file consisting of four fields
 
eg )   V  051213070133Z  B3500880020644B6  unknown /C=IN/ST=TamilNadu/O=cbe/CN=test
 
where:
 V                             - Certificate is Valid  (R for revoked certificates )
 051213070133Z         - Date up to which the certificate is valid
 B3500880020644B6  - Serial number of the certificate
 /C=IN/ST=TamilNadu/O=cbe/CN=test - subject of the certificate

Thanks,
Prakash

Marco Klasmeyer <[hidden email]> wrote:
Hello,

is the format for "index.txt" database file of a CA defined somewhere?
I want to run "openssl ocsp" as a small test OCSP responder, which
needs this index file as input. For testing purposes I would like to
manipulate some lines of this file, but I can't find any documentation
about the format?

By the way, is there a possibility to use a real database instead
of this plain ASCII file?

Thanks in advance,
Marco

Re: Format of file index.txt database of a CA

Richard Levitte - VMS Whacker
Correction:

The index.txt file is an ascii file consisting of 6 (not 4) tab-separated
fields.  Some of those fields may be empty and might appear not to exist at
all.

The 6 fields are:

0)  Entry type.  May be "V" (valid), "R" (revoked) or "E" (expired).
    Note that an expired entry may have the type "V" because the type has
    not been updated.  'openssl ca updatedb' does such an update.
1)  Expiration datetime.
2)  Revocation datetime.  This is set for any entry of the type "R".
3)  Serial number.
4)  File name of the certificate.  This doesn't seem to be used,
    ever, so it's always "unknown".
5)  Certificate subject name.

prakash babu writes:

> Hi
>  
> The index.txt is an ascii file consisting of four fields
>  
> eg )   V  051213070133Z  B3500880020644B6  unknown /C=IN/ST=TamilNadu/O=cbe/CN=test
>  
> where:
>  V                             - Certificate is Valid  (R for revoked certificates )
>  051213070133Z         - Date up to which the certificate is valid
>  B3500880020644B6  - Serial number of the certificate
>  /C=IN/ST=TamilNadu/O=cbe/CN=test - subject of the certificate
>
> Thanks,
> Prakash
>
> Marco Klasmeyer <[hidden email]> wrote:
> Hello,
>
> is the format for "index.txt" database file of a CA defined somewhere?
> I want to run "openssl ocsp" as a small test OCSP responder, which
> needs this index file as input. For testing purposes I would like to
> manipulate some lines of this file, but I can't find any documentation
> about the format?
>
> By the way, is there a possibility to use a real database instead
> of this plain ASCII file?
>
> Thanks in advance,
> Marco
>
 

 -----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.

--
Richard Levitte                         [hidden email]
                                       http://richard.levitte.org/ 

"When I became a man I put away childish things, including
the fear of childishness and the desire to be very grown up."
                                               -- C.S. Lewis

Re: Format of file index.txt database of a CA

Marco Klasmeyer
That clarifies everything!

Thanks to all,
Marco

Richard Levitte wrote:

> Correction:
> The index.txt file is an ascii file consisting of 6 (not 4)
> tab-separated fields.  Some of those fields may be empty and might
> appear not to exist at all.
> The 6 fields are:
> 0)  Entry type.  May be "V" (valid), "R" (revoked) or "E" (expired).
>    Note that an expired entry may have the type "V" because the type has
>    not been updated.  'openssl ca updatedb' does such an update.
> 1)  Expiration datetime.
> 2)  Revocation datetime.  This is set for any entry of the type "R".
> 3)  Serial number.
> 4)  File name of the certificate.  This doesn't seem to be used,
>    ever, so it's always "unknown".
> 5)  Certificate subject name.
> prakash babu writes:
>
>> Hi  
>> The index.txt is an ascii file consisting of four fields
>>  
>> eg )   V  051213070133Z  B3500880020644B6  unknown
>> /C=IN/ST=TamilNadu/O=cbe/CN=test
>>  
>> where:
>>  V                             - Certificate is Valid  (R for revoked
>> certificates )
>>  051213070133Z         - Date up to which the certificate is valid
>>  B3500880020644B6  - Serial number of the certificate
>>  /C=IN/ST=TamilNadu/O=cbe/CN=test - subject of the certificate
>> Thanks,
>> Prakash
>> Marco Klasmeyer <[hidden email]> wrote:
>> Hello,
>> is the format for "index.txt" database file of a CA defined somewhere?
>> I want to run "openssl ocsp" as a small test OCSP responder, which
>> needs this index file as input. For testing purposes I would like to
>> manipulate some lines of this file, but I can't find any documentation
>> about the format?
>> By the way, is there a possibility to use a real database instead
>> of this plain ASCII file?
>> Thanks in advance,
>> Marco
>
>
>
> -----
> Please consider sponsoring my work on free software.
> See http://www.free.lp.se/sponsoring.html for details.

Re: Format of file index.txt database of a CA

Olaf Gellert
In reply to this post by prakash babu
prakash babu wrote:

> eg )   V  051213070133Z  B3500880020644B6  unknown
> /C=IN/ST=TamilNadu/O=cbe/CN=test
>
> where:
>  V                             - Certificate is Valid  (R for revoked
> certificates )

and E for expired.

>  051213070133Z         - Date up to which the certificate is valid
>  B3500880020644B6  - Serial number of the certificate
>  /C=IN/ST=TamilNadu/O=cbe/CN=test - subject of the certificate

If a certificate is revoked, there is another
field with the date of revocation, so a revoked
entry looks like this:

R       060920165425Z   050315152021Z   0B      unknown /C=US/O=Organization/CN=Name

In the other cases (Valid and Expired), there is still an empty
field in this (so between the expiry date and the serial number
there are two tabulators). So the format is:

E|R|V<tab>Expiry<tab>[RevocationDate]<tab>Serial<tab>unknown<tab>SubjectDN

Cheers, Olaf

--
Dipl.Inform. Olaf Gellert                  PRESECURE (R)
Senior Researcher,                       Consulting GmbH
Phone: (+49) 0700 / PRESECURE           [hidden email]

                        A daily view on Internet Attacks
                        https://www.ecsirt.net/sensornet
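
The six-field, tab-separated layout described in this thread, as an added example (not part of the original messages and not OpenSSL's own code): a small checker for hand-edited index.txt lines before they are fed to a test OCSP responder. The function names are illustrative; it assumes the dates are ASN.1 UTCTime or GeneralizedTime strings and that the revocation field may carry a ",reason" suffix after the time.

```python
from datetime import datetime, timezone

FIELDS = ("status", "expiry", "revoked", "serial", "filename", "subject")

def parse_time(s):
    """Parse ASN.1 UTCTime (YYMMDDHHMMSSZ) or GeneralizedTime (YYYYMMDDHHMMSSZ)."""
    if len(s) == 13:                            # UTCTime has a two-digit year
        s = ("19" if int(s[:2]) >= 50 else "20") + s   # RFC 5280 century pivot
    return datetime.strptime(s, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def parse_line(line):
    """Split one index.txt line into its six fields and check consistency."""
    parts = line.rstrip("\n").split("\t")
    if len(parts) != 6:
        raise ValueError(f"expected 6 tab-separated fields, got {len(parts)}")
    e = dict(zip(FIELDS, parts))
    if e["status"] not in ("V", "R", "E"):
        raise ValueError(f"unknown entry type {e['status']!r}")
    # Field 2 is filled for "R" and left empty (two adjacent tabs) for "V"/"E".
    if (e["status"] == "R") != bool(e["revoked"]):
        raise ValueError("revocation date must be set for R entries only")
    int(e["serial"], 16)                        # serial is hex; raises if not
    e["expiry"] = parse_time(e["expiry"])
    # Assumption: a ",reason" suffix may follow the time; keep only the time.
    e["revoked"] = parse_time(e["revoked"].split(",")[0]) if e["revoked"] else None
    return e

def effective_status(e, now):
    """A 'V' entry past its expiry is stale until 'openssl ca updatedb' runs."""
    if e["status"] == "V" and e["expiry"] <= now:
        return "E"
    return e["status"]

def load(text):
    return [parse_line(l) for l in text.splitlines() if l]

# Constructed sample: the two entries quoted in the thread, with real tabs.
SAMPLE = (
    "V\t051213070133Z\t\tB3500880020644B6\tunknown\t/C=IN/ST=TamilNadu/O=cbe/CN=test\n"
    "R\t060920165425Z\t050315152021Z\t0B\tunknown\t/C=US/O=Organization/CN=Name\n"
)

if __name__ == "__main__":
    now = datetime(2006, 1, 1, tzinfo=timezone.utc)   # fixed clock, repeatable run
    for e in load(SAMPLE):
        print(e["serial"], e["status"], "->", effective_status(e, now))
```

A line copied from a mail or web page usually has its tabs replaced by spaces and will be rejected by the field-count check, which is the most common way a hand-edited index.txt breaks.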
