Handle the OCSP request on the server

To handle the OCSP request on the server, use the TElOCSPServer component. Before the server can be used, you need to set up certain properties.

The response generated by the OCSP server must be signed, so you need to specify the certificates that will be used for signing. To do this, set the SigningCertStorage property of the TElOCSPServer class to reference an instance of TElMemoryCertStorage that contains one or more certificates. One certificate in the storage must have a private key.

Sending the client certificates with the request is optional. With TElOCSPServer, this is controlled by the IncludeCertificates property.

If you want to force clients to sign the request, set the SignatureRequired property of the TElOCSPServer component to true.

The server has several events for which you must define event handlers:

- OnSignatureValidate is fired after the certificates have been read from the signed client request, and the application must validate the certificates. The certificates can be read from the RequestCertificates property, which contains a reference to a TElMemoryCertStorage filled with the request certificates.
- OnCertificateNeeded is fired if the signed request doesn't include certificates, so your application must be ready to handle this event too. If you don't provide the necessary certificate, the signature validation will fail.
- OnCertificateCheck is the main event. It is fired for each certificate in the request whose status is to be validated.

To process the request, call the ProcessRequest() method of TElOCSPServer. This method parses the request, calls the necessary event handlers, and then composes the reply (or returns an error if something goes wrong).
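The same parse, check and sign flow, as an added example that is not SecureBlackbox code: it uses Python's `cryptography` package rather than TElOCSPServer, and the names `process_request`, `STATUS_DB`, `request_for` and `query` are hypothetical. It assumes the CA signs the replies itself, looks certificates up by serial number only, and does not cover signed requests.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509 import ocsp
from cryptography.x509.oid import NameOID

NOW = datetime.datetime(2024, 3, 1)  # fixed clock for the constructed sample data
DAY, DER = datetime.timedelta(days=1), serialization.Encoding.DER

def make_cert(cn, public_key, serial, ca_key):
    name = lambda s: x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, s)])
    return (x509.CertificateBuilder().subject_name(name(cn))
            .issuer_name(name("Example CA")).public_key(public_key)
            .serial_number(serial).not_valid_before(NOW - 60 * DAY)
            .not_valid_after(NOW + 300 * DAY).sign(ca_key, hashes.SHA256()))

CA_KEY = ec.generate_private_key(ec.SECP256R1())  # constructed CA; its key signs the replies
CA_CERT = make_cert("Example CA", CA_KEY.public_key(), 1, CA_KEY)
LEAF_PUB = ec.generate_private_key(ec.SECP256R1()).public_key()
GOOD = make_cert("good.example", LEAF_PUB, 1001, CA_KEY)
REVOKED = make_cert("revoked.example", LEAF_PUB, 1002, CA_KEY)
STATUS_DB = {1001: (GOOD, None), 1002: (REVOKED, NOW - DAY)}  # hypothetical status store

def error_reply(status):
    return ocsp.OCSPResponseBuilder.build_unsuccessful(status).public_bytes(DER)

def process_request(der_request):
    try:
        req = ocsp.load_der_ocsp_request(der_request)  # parse step
    except ValueError:
        return error_reply(ocsp.OCSPResponseStatus.MALFORMED_REQUEST)
    if req.serial_number not in STATUS_DB:  # not a certificate we answer for
        return error_reply(ocsp.OCSPResponseStatus.UNAUTHORIZED)
    cert, revoked_at = STATUS_DB[req.serial_number]  # per-certificate status check
    status = ocsp.OCSPCertStatus.REVOKED if revoked_at else ocsp.OCSPCertStatus.GOOD
    builder = ocsp.OCSPResponseBuilder().add_response(
        cert=cert, issuer=CA_CERT, algorithm=req.hash_algorithm, cert_status=status,
        this_update=NOW, next_update=NOW + DAY, revocation_time=revoked_at, revocation_reason=None)
    builder = builder.responder_id(ocsp.OCSPResponderEncoding.HASH, CA_CERT)
    return builder.sign(CA_KEY, hashes.SHA256()).public_bytes(DER)  # signed reply

def request_for(cert):  # client side: unsigned request for one certificate
    builder = ocsp.OCSPRequestBuilder().add_certificate(cert, CA_CERT, hashes.SHA256())
    return builder.build().public_bytes(DER)

def query(request_der):  # (response status, certificate status or None) as names
    resp = ocsp.load_der_ocsp_response(process_request(request_der))
    ok = resp.response_status == ocsp.OCSPResponseStatus.SUCCESSFUL
    return resp.response_status.name, resp.certificate_status.name if ok else None
```

A malformed request or an unknown serial number yields an unsigned error reply with no certificate status, so `query` returns `None` for the second value in those cases.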

