- SPFX=example.$tld/$server.example.$tld/$server.example.$tld
- openssl ocsp -issuer $CADIR/Signer.pem -cert $SPFX.pem -reqout $SPFX.ocsp.req
- openssl ocsp -index $CADIR/index.valid.txt $OGENCOMMON -ndays 3652 -reqin $SPFX.ocsp.req -respout $SPFX.ocsp.good.resp
- openssl ocsp -index $CADIR/index.valid.txt $OGENCOMMON -ndays 30 -reqin $SPFX.ocsp.req -respout $SPFX.ocsp.dated.resp
- openssl ocsp -index $CADIR/index.revoked.txt $OGENCOMMON -ndays 3652 -reqin $SPFX.ocsp.req -respout $SPFX.ocsp.revoked.resp
+ SPFX=$idir/$server.$iname/$server.$iname
+ openssl ocsp -issuer $CADIR/Signer.pem -cert $SPFX.pem -no_nonce -sha256 -reqout $SPFX.ocsp.req
+ REQIN="-reqin $SPFX.ocsp.req"
+
+ OGENCOMMON="-rsigner $CADIR/OCSP.pem -rkey $CADIR/OCSP.key -CA $CADIR/Signer.pem -noverify"
+ openssl ocsp $IVALID $OGENCOMMON -ndays 3652 -sha256 $REQIN -respout $SPFX.ocsp.good.resp
+ openssl ocsp $IVALID $OGENCOMMON -ndays 30 -sha256 $REQIN -respout $SPFX.ocsp.dated.resp
+ openssl ocsp $IREVOKED $OGENCOMMON -ndays 3652 -sha256 $REQIN -respout $SPFX.ocsp.revoked.resp
+
+ OGENCOMMON="-rsigner $CADIR/Signer.pem -rkey $CADIR/Signer.key -CA $CADIR/Signer.pem -noverify"
+ openssl ocsp $IVALID $OGENCOMMON -ndays 3652 -sha256 $REQIN -respout $SPFX.ocsp.signer.good.resp
+ openssl ocsp $IVALID $OGENCOMMON -ndays 30 -sha256 $REQIN -respout $SPFX.ocsp.signer.dated.resp
+ openssl ocsp $IREVOKED $OGENCOMMON -ndays 3652 -sha256 $REQIN -respout $SPFX.ocsp.signer.revoked.resp
+
+ OGENCOMMON="-rsigner $CADIR/Signer.pem -rkey $CADIR/Signer.key -CA $CADIR/Signer.pem -resp_no_certs -noverify"
+ openssl ocsp $IVALID $OGENCOMMON -ndays 3652 -sha256 $REQIN -respout $SPFX.ocsp.signernocert.good.resp
+ openssl ocsp $IVALID $OGENCOMMON -ndays 30 -sha256 $REQIN -respout $SPFX.ocsp.signernocert.dated.resp
+ openssl ocsp $IREVOKED $OGENCOMMON -ndays 3652 -sha256 $REQIN -respout $SPFX.ocsp.signernocert.revoked.resp