blog

# vim /etc/systemd/system/ocsp-root.service

[Unit]
Description = Root CA OCSP Responder

[Service]
EnvironmentFile = /etc/default/ocsp-root
ExecStart = openssl ocsp -ignore_err -port ${PORT} -index ${INDEX_FILE} -rsigner ${RESPONSE_SIGNER} -rkey ${RESPONSE_SIGNER_KEY} -rmd ${RESPONSE_SIGNER_DIGEST} -CA ${CA} -text -out ${LOG_FILE} -passin ${RESPONSE_SIGNER_KEY_PASS …