Testing OCSP stapling

Today I was fiddling around with nginx and its SSL options and wanted to verify that my server is actually stapling OCSP data to its TLS handshakes.

Here is a simple bash one-liner that does exactly that:

openssl s_client -connect blog.foxxx0.de:443 -tls1  -tlsextdebug  -status <<<$(echo -en 'Host: blog.foxxx0.de\nGET /\n') |& grep -A16 '^OCSP response: $'

You might need to run this 2 or 3 times until it gives a response, because nginx only fetches the OCSP response from the CA's responder after the first handshake and staples nothing until it has cached one.

A sample response might look like:

OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Version: 1 (0x0)
    Responder Id: C = IL, O = StartCom Ltd. (Start Commercial Limited), CN = StartCom Class 2 Server OCSP Signer
    Produced At: Jul 13 11:25:27 2015 GMT
    Responses:
    Certificate ID:
      Hash Algorithm: sha1
      Issuer Name Hash: B9B2D56DB021B36E42F627245806C4A9A6979AEB
      Issuer Key Hash: 11DB2345FD54CC6A716F848A03D7BEF7012F2686
      Serial Number: 02998C
    Cert Status: good
    This Update: Jul 13 11:25:27 2015 GMT
    Next Update: Jul 15 11:25:27 2015 GMT
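The same check wrapped in a small script, as an added example that is not part of the original post: parse_ocsp reads the `-status` output of openssl s_client and reports whether a stapled response was present and what status it carries, and check_stapling runs the live query against a host of your choosing (using -servername for SNI instead of forcing -tls1). A constructed sample of the openssl output is embedded so the parser can be exercised offline.

```shell
#!/usr/bin/env bash
# Added example, not from the original post.
# parse_ocsp: read "openssl s_client -status" output on stdin and print one of
#   none    - no OCSP response was stapled
#   good / revoked / unknown - the Cert Status field of the stapled response
parse_ocsp() {
  awk '
    /^OCSP response: no response sent/ { print "none"; found=1; exit }
    /^OCSP response: *$/               { inresp=1 }
    inresp && /Cert Status:/ {
      sub(/.*Cert Status: */, ""); print $1; found=1; exit
    }
    END { if (!found) print "none" }
  '
}

# ocsp_status_of TEXT: convenience wrapper that parses a captured output string.
ocsp_status_of() {
  printf '%s\n' "$1" | parse_ocsp
}

# check_stapling HOST [PORT]: live check (needs network). Succeeds only when a
# stapled response is present and says "good". Run it a few times if the
# server has just started, since nginx fetches the response lazily.
check_stapling() {
  host=$1; port=${2:-443}
  status=$( { printf 'HEAD / HTTP/1.0\r\nHost: %s\r\n\r\n' "$host"; sleep 1; } \
    | openssl s_client -connect "$host:$port" -servername "$host" -status 2>&1 \
    | parse_ocsp )
  echo "$host:$port OCSP stapling status = $status"
  [ "$status" = good ]
}

# Constructed (abridged) samples of what openssl prints, for offline use.
SAMPLE_GOOD='OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Cert Status: good
    This Update: Jul 13 11:25:27 2015 GMT
======================================'
SAMPLE_REVOKED='OCSP response:
======================================
    Cert Status: revoked
    Revocation Time: Jul 13 11:25:27 2015 GMT'
SAMPLE_NONE='OCSP response: no response sent'
```

Source the script and call `check_stapling blog.foxxx0.de` to test a real server; a non-zero exit means no stapled response or a status other than good.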