Help regarding below OCSP related structures in Visual C++

All replies

  • Hi,


    According to your description, I suggest you send your issue to the Application Security for Windows Desktop forum.


    Best Regards,


    Rob Pan [MSFT]
    MSDN Community Support | Feedback to us
    Monday, December 12, 2011 8:55 AM

    Had already posted in Application Security for Windows Desktop.

    Was directed to this forum.

    Wednesday, December 14, 2011 8:02 AM
  • Hi,

    I have been searching for ways to manually create an OCSP request to send to the responder.

    We have Windows 7 on the client side and we use MS CAPI and Visual C++.

    Please let me know how to retrieve this additional info from the certificate and send out the OCSP request via GET/POST, i.e., how to retrieve the below from the certificate:

    hashAlgorithm AlgorithmIdentifier,
    issuerNameHash OCTET STRING, -- Hash of Issuer's DN
    issuerKeyHash OCTET STRING, -- Hash of Issuers public key
    serialNumber CertificateSerialNumber

    NB: I have been asking around the same in various forums for a while now and have not got any proper reply.



    • Merged by Mike Dos Zhang Monday, October 1, 2012 4:44 AM duplicate and security dev aspect
    Friday, September 28, 2012 11:19 AM
  • I'm not 100% sure, but it seems like the client should compute the issuerNameHash and issuerKeyHash according to the hashAlgorithm. Most likely OCSP responders will understand SHA-1.

    The serialNumber can be obtained by looking at the CERT_INFO.SerialNumber field of a certificate context.

    Once you have this data, you can create an OCSP_REQUEST structure using 0 for all values except the rgRequestEntry field. That structure has a CertId field which you can populate with the hashes, serial number, and hash algorithm.

    Then you can call CryptEncodeObjectEx to encode the OCSP_REQUEST. The result is what you can submit to an OCSP responder.


    Thursday, October 4, 2012 2:32 AM
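
The CertID fields asked about in this thread, worked through byte by byte as an added example (not code from any poster and not CryptoAPI code): a Python sketch that hashes the issuer name and issuer key with SHA-1, builds a minimal OCSPRequest by hand, and prepares it for GET or POST, which gives a reference to compare against what CryptEncodeObjectEx emits. The helper names and the sample issuer name, key bytes and serial are constructed for illustration; note that CERT_INFO.SerialNumber is stored least significant byte first, while the encoding below is big-endian.

```python
import base64, hashlib, urllib.parse

def der(tag: int, content: bytes) -> bytes:
    """One DER TLV with definite length (short or long form)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

# AlgorithmIdentifier for SHA-1: OID 1.3.14.3.2.26 plus NULL parameters.
SHA1_ALG_ID = der(0x30, der(0x06, bytes.fromhex("2b0e03021a")) + der(0x05, b""))

def der_integer(value: int) -> bytes:
    """Non-negative INTEGER, big-endian, with a leading 0x00 when the high bit is set."""
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def cert_id(issuer_name_der: bytes, issuer_key_bits: bytes, serial: int) -> bytes:
    """CertID: SHA-1 over the issuer's encoded DN and over the issuer's raw public key bits."""
    name_hash = hashlib.sha1(issuer_name_der).digest()
    # Key hash covers only the BIT STRING content (no tag, length or unused-bits byte).
    key_hash = hashlib.sha1(issuer_key_bits).digest()
    return der(0x30, SHA1_ALG_ID + der(0x04, name_hash) + der(0x04, key_hash)
               + der_integer(serial))

def ocsp_request(cid: bytes) -> bytes:
    """OCSPRequest > TBSRequest > requestList > Request > CertID, optional fields omitted."""
    return der(0x30, der(0x30, der(0x30, der(0x30, cid))))

def get_path(request: bytes) -> str:
    """Path suffix for the GET form: URL-encoded base64 of the DER request."""
    return urllib.parse.quote(base64.b64encode(request).decode("ascii"), safe="")

# Constructed sample inputs (not taken from a real certificate).
ISSUER_NAME = der(0x30, der(0x31, der(0x30,
                  der(0x06, bytes.fromhex("550403")) + der(0x0C, b"Example CA"))))
ISSUER_KEY_BITS = bytes(range(32))  # stand-in for the issuer's subjectPublicKey bits
SERIAL = 0x8F4A21

if __name__ == "__main__":
    req = ocsp_request(cert_id(ISSUER_NAME, ISSUER_KEY_BITS, SERIAL))
    print(req.hex())
    print("GET  <responder URL>/" + get_path(req))
    print("POST Content-Type: application/ocsp-request, body =", len(req), "DER bytes")
```
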