OCSP support
A little known fact—the client certificate's serial number is present as an environment variable in scripts—allows OpenVPN to support the Online Certificate Status Protocol (OCSP). This recipe will show how OCSP can be set up and be supported by an OpenVPN server.
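As an added example (not code from the book), the script below shows the mechanism the recipe relies on: a `--tls-verify` hook that reads the client certificate's serial from the environment and asks an OCSP responder about it, rejecting the client unless the responder answers "good". The environment variable name `tls_serial_0`, the responder URL and the CA file path are assumptions.

```shell
#!/bin/sh
# Added example, not code from the book: a --tls-verify hook that checks the
# connecting client's certificate serial against an OCSP responder.
# Assumptions: OpenVPN 2.1 exports the leaf certificate's serial (decimal)
# as $tls_serial_0; the responder URL and the CA file path are placeholders.
OCSP_URL="${OCSP_URL:-http://ocsp.example.com:2560}"  # assumed responder address
CA_CERT="${CA_CERT:-/etc/openvpn/ca.crt}"            # assumed CA certificate path

# Decide from the combined stdout/stderr of `openssl ocsp` whether the serial
# is good. Returns 0 only for a signature-verified response whose status is
# "good"; revoked, unknown, or unverifiable responses return 1 (fail closed).
ocsp_status_ok() {
    resp="$1"
    printf '%s\n' "$resp" | grep -q '^Response verify OK' || return 1
    printf '%s\n' "$resp" | grep -q ': good' || return 1
    return 0
}

# Ask the responder about one serial. -serial accepts decimal or 0x-hex, so
# the value OpenVPN exports can be passed through unchanged. Network or
# responder errors make openssl exit non-zero, which also rejects the client.
# "Response verify OK" is printed on stderr, hence the 2>&1.
ocsp_check_serial() {
    serial="$1"
    resp=$(openssl ocsp -issuer "$CA_CERT" -CAfile "$CA_CERT" \
               -serial "$serial" -url "$OCSP_URL" 2>&1) || return 1
    ocsp_status_ok "$resp"
}

# OpenVPN runs the hook once per certificate in the chain as:
#   script <depth> <x509 subject>
# Only the leaf (depth 0) is queried; the CA itself is accepted at depth > 0.
tls_verify_main() {
    depth="$1"
    subject="$2"
    [ "$depth" -eq 0 ] || return 0
    if [ -z "$tls_serial_0" ]; then
        echo "tls-verify: no serial exported for $subject, rejecting" >&2
        return 1
    fi
    ocsp_check_serial "$tls_serial_0"
}

# Act as the hook when invoked by OpenVPN (two arguments); otherwise only
# define the functions so the script can be sourced or tested.
if [ $# -eq 2 ]; then
    tls_verify_main "$@"
    exit $?
fi
```

Reference the script from the server configuration with `tls-verify /path/to/script`; OpenVPN 2.1 also needs `script-security 2` for it to be executed.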
Getting ready
We use the following network layout:
Set up the client and server certificates using the first recipe from Chapter 2, Client-server IP-only Networks. For this recipe, the machine on which the CA certificate and private key are stored is ocsp.example.com. The server computer was running CentOS 5 Linux and OpenVPN 2.1.3. The client was running Windows XP SP3 and OpenVPN 2.1.3. Keep the configuration file basic-udp-server.conf from the Chapter 2 recipe Server-side routing at hand, as well as the client configuration file, basic-udp-client.ovpn, from the Chapter 2 recipe Using an 'ifconfig-pool' block.
How to do it...
First, start an OCSP server by re-using the PKI created in Chapter 2, Client-server IP-only...