openssl-ocsp-responder
1.0.1 verified Fri May 01 auth: no python
Simple wrapper for OpenSSL OCSP server. Provides a command-line tool and library for running an OCSP responder using OpenSSL. Current version 1.0.1, last release Jan 2024. Low release cadence.
pip install openssl-ocsp-responder
Common errors
error FileNotFoundError: [Errno 2] No such file or directory: 'openssl'
cause The OpenSSL binary was not found in the system PATH.
fix Install OpenSSL and ensure it's in PATH (e.g., on Ubuntu: sudo apt install openssl; on macOS: brew install openssl; on Windows: add to PATH).
error TypeError: __init__() got an unexpected keyword argument 'responder_cert'
cause The library version is older than v1.0.0; the constructor signature changed.
fix Upgrade to the latest version (pip install --upgrade openssl-ocsp-responder) or use positional arguments as per the older docs.
error OSError: [Errno 98] Address already in use
cause The port is already occupied by another process.
fix Use a different port or kill the existing process using that port.
Warnings
gotcha The responder requires the OpenSSL binary to be installed on the system and accessible via PATH. If it is not found, an exception will be raised.
fix Install OpenSSL (e.g., via apt, brew, or choco) and ensure it's in PATH.
gotcha The library uses subprocess to call the 'openssl ocsp' command. The responder's behavior depends on the OpenSSL version installed.
fix Test with the same OpenSSL version as production.
deprecated The function 'set_responder_cert' was deprecated in v1.0.0; use the constructor parameter instead.
fix Pass responder_cert and responder_key directly to OCSPResponder.
Imports
- OCSPResponder
from openssl_ocsp_responder import OCSPResponder
Quickstart
from openssl_ocsp_responder import OCSPResponder

responder = OCSPResponder(
    ca_cert='ca.pem',
    responder_cert='responder.crt',
    responder_key='responder.key',
    port=8080
)
responder.serve_forever()
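
An added example, not part of the package or its documentation: a preflight check for the conditions listed under Common errors and Warnings (missing openssl binary, an OpenSSL version different from production, an occupied port), meant to run before OCSPResponder is constructed. The function names, the 127.0.0.1 bind address and the version-prefix comparison are assumptions made for this example.

```python
import shutil
import socket
import subprocess


def find_openssl(path=None):
    """Return the absolute path of the openssl binary, or None if absent.

    `path` overrides the PATH search string (useful for testing)."""
    return shutil.which("openssl", path=path)


def openssl_version(binary):
    """Return the banner printed by `openssl version`."""
    out = subprocess.run([binary, "version"], capture_output=True,
                         text=True, check=True, timeout=10)
    return out.stdout.strip()


def port_is_free(port, host="127.0.0.1"):
    """True if a TCP socket can bind host:port right now (host is an assumption)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
        except OSError:  # e.g. [Errno 98] Address already in use
            return False
    return True


def preflight(port, expected_version_prefix=None, path=None):
    """Return a list of problems; an empty list means it is safe to start."""
    problems = []
    binary = find_openssl(path)
    if binary is None:
        problems.append("openssl binary not found in PATH")
    elif expected_version_prefix:
        # Compare against the version used in production, e.g. "OpenSSL 3.0"
        banner = openssl_version(binary)
        if not banner.startswith(expected_version_prefix):
            problems.append(f"openssl version mismatch: {banner!r}")
    if not port_is_free(port):
        problems.append(f"port {port} is already in use")
    return problems
```

Call preflight(8080, expected_version_prefix=...) with the banner prefix of the production OpenSSL build and start the responder only when the returned list is empty.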