Shammer's Philosophy

My private adversaria

My CA preparation supporting OCSP

This is the next step after CRL vs OCSP - Shammerism.
In the OCSP test with openssl I did before, in OpenSSLのOCSPはURLEncodeされたOCSPリクエストを処理できない?その4 - Shammerism (Can't OpenSSL's OCSP handle URL-encoded OCSP requests? Part 4), I found that an OCSP responder cannot be implemented on a normal web server like apache.
I will have to consider how to build an OCSP responder using only open source. But CRL Distribution Points and CA Issuers seem to be fine on normal web servers:
I can fetch both the CRL Distribution Points and the CA Issuers with curl.

Required resources are:

  • My CAs and server certificates
  • An http server like apache
  • OCSP Responder (candidate is open-ca)


As the first step, I build up my CAs with the x509 extensions required for supporting OCSP.
Looking at DigiCert's CA certificates, the following things are clear.

  • The Root CA certificate includes neither AIA nor CRL Distribution Points.
  • The Intermediate CA certificate includes both AIA and CRL Distribution Points.
    • AIA consists of OCSP only.
    • CRL Distribution Points is the Root CA's CRL.
  • Server certificates include both AIA and CRL Distribution Points.
    • AIA consists of CA Issuers and OCSP.
      • CA Issuers is the intermediate CA certificate.
      • OCSP is the same as the Intermediate CA's.
    • CRL Distribution Points is the Intermediate CA's CRL.
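
As an added example (my own, not taken from DigiCert or from an existing CA setup), here are openssl.cnf extension sections that reproduce those three tiers; the hostnames, file names and the responder URL are placeholders.

```ini
# Extension sections for the three tiers, assumed to live in the
# openssl.cnf passed to "openssl ca". Hostnames are placeholders.

[ v3_root_ca ]
# Root: no AIA and no CRL Distribution Points, as on DigiCert's root.
basicConstraints       = critical, CA:true
keyUsage               = critical, keyCertSign, cRLSign
subjectKeyIdentifier   = hash

[ v3_intermediate_ca ]
# Intermediate: AIA carries OCSP only; CRLDP is the Root CA's CRL.
basicConstraints       = critical, CA:true, pathlen:0
keyUsage               = critical, keyCertSign, cRLSign
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid:always, issuer
authorityInfoAccess    = OCSP;URI:http://ocsp.example.test/
crlDistributionPoints  = URI:http://crl.example.test/root.crl

[ v3_server ]
# Server: AIA carries CA Issuers (the intermediate certificate) and
# OCSP (same URI as the intermediate's, so that responder must answer
# for both issuers); CRLDP is the Intermediate CA's CRL.
# RFC 5280 expects the CA Issuers URI to serve the certificate in DER.
basicConstraints       = CA:FALSE
keyUsage               = critical, digitalSignature, keyEncipherment
extendedKeyUsage       = serverAuth
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid, issuer
authorityInfoAccess    = OCSP;URI:http://ocsp.example.test/, caIssuers;URI:http://crl.example.test/intermediate.crt
crlDistributionPoints  = URI:http://crl.example.test/intermediate.crl

# Usage (assumed file names):
#   openssl ca -config openssl.cnf -extensions v3_intermediate_ca -in intermediate.csr -out intermediate.crt
#   openssl ca -config openssl.cnf -extensions v3_server -in server.csr -out server.crt
# Check what ended up in the certificate:
#   openssl x509 -in server.crt -noout -text | grep -A4 -E 'Authority Information Access|CRL Distribution'
```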

My next step is to generate a Root CA certificate like the above.