Peter, if I understand correctly your environment uses a SOCKS proxy to gain access to the network where the OCSP server is located and since neither OpenSSL or certutil support that natively you are asking how to run a test in such an environment?

BTW, turning off security.ssl.enable_ocsp_stapling worked, also. But I installed a clean version of 31.0 on a new laptop this afternoon, and the fanfiction site worked fine without my having to turn it off. so I went back to the desktop machine and turned ocsp stapling back on, … OpenSSL - Wikipedia OpenSSL is a software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end. It is widely used by Internet servers, including the majority of HTTPS websites.. OpenSSL contains an open-source implementation of the SSL and TLS protocols. The core library, written in the C programming language, implements How To Configure OCSP Stapling on Apache and Nginx

SSL/TLS Strong Encryption: How-To - Apache HTTP Server

debian - OpenSSL OCSP Responder don't start anymore - Unix I used OpenSSL OCSP server for about a week and it worked fine. Today I upgraded the system and after a reboot it failed to start. Here is the command used to start the service: openssl ocsp -index -port 127.0.0.1:2560 -sha256 -CA -rkey -rsigner Now I …

OCSP Stapling on Apache - Raymii.org

I'm implementing an OCSP server to answer OCSP requests for my custom CA. I already implemented the invalidation of leaves certificates, with the intermediate CA certificate signing the OCSP response, and it seems to be working. However, I have troubles implementing the OCSP response to invalidate a intermediate certificate. OpenSSL Cookbook: Chapter 2. Testing with OpenSSL