ARI: How do you get the DER-encoded CertID ASN.1 sequence from x509.Certificate in Go?

Hang on a sec, I just noticed the reference to RFC 6960 in the quoted spec. When I search in the doc for "CertID" I find a grammar:

CertID ::= SEQUENCE {
   hashAlgorithm           AlgorithmIdentifier,
   issuerNameHash          OCTET STRING, -- Hash of issuer's DN
   issuerKeyHash           OCTET STRING, -- Hash of issuer's public key
   serialNumber            CertificateSerialNumber }

where this is used in an OCSP request. Huh... CertMagic already staples OCSP so we have code that makes a request. What does it look like, I wonder?

So I go to our code that does it, but we call a third-party package function, ocsp.CreateRequest(), which takes in an *x509.Certificate and returns []byte.

Huh. So what does that function do?

It returns a structure that looks very familiar now:

	req := &Request{
		HashAlgorithm:  hashFunc,
		IssuerNameHash: issuerNameHash,
		IssuerKeyHash:  issuerKeyHash,
		SerialNumber:   cert.SerialNumber,
	}
	return req.Marshal()

Soooo... am I basically just using an OCSP request?

Edit: Just saw the reply above while typing this. Thanks for the links, I'll check out that C# code and see what I can learn from it.

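Added example, not part of the original post and not code from CertMagic or the ocsp package: it builds only the CertID SEQUENCE from the grammar quoted above using Go's standard library, whereas a full RFC 6960 OCSP request wraps CertID in further outer structures. The names `CertIDDER` and `newCert` are hypothetical, the choice of SHA-256 and the availability of the issuer certificate are assumptions, and the certificates are constructed throwaway samples.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
)

type certID struct { // mirrors the RFC 6960 CertID grammar quoted in the post
	HashAlgorithm                 pkix.AlgorithmIdentifier
	IssuerNameHash, IssuerKeyHash []byte
	SerialNumber                  *big.Int
}

// CertIDDER (hypothetical name) DER-encodes leaf's CertID; SHA-256 is an assumption.
func CertIDDER(leaf, issuer *x509.Certificate) ([]byte, error) {
	// The key hash covers only the subjectPublicKey BIT STRING contents, so unwrap the SPKI.
	var spki struct{ Algorithm pkix.AlgorithmIdentifier; PublicKey asn1.BitString }
	if _, err := asn1.Unmarshal(issuer.RawSubjectPublicKeyInfo, &spki); err != nil {
		return nil, err
	}
	name, key := sha256.Sum256(issuer.RawSubject), sha256.Sum256(spki.PublicKey.RightAlign())
	alg := pkix.AlgorithmIdentifier{Algorithm: asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 1}, Parameters: asn1.NullRawValue}
	return asn1.Marshal(certID{alg, name[:], key[:], leaf.SerialNumber})
}
// newCert issues a constructed sample certificate; a nil parent means self-signed.
func newCert(cn string, serial int64, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn}}
	if parent == nil {
		parent, signer = tpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}
func main() {
	ca, caKey := newCert("constructed test CA", 1, nil, nil)
	leaf, _ := newCert("constructed leaf", 0x1234, ca, caKey)
	der, err := CertIDDER(leaf, ca)
	fmt.Printf("CertID DER: %x (err=%v)\n", der, err)
}
```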