OCSPClient

Jump to bottom

Marco Fargetta edited this page Aug 24, 2023 · 2 revisions

Using OCSPClient against CA’s Internal OCSP Responder

$ OCSPClient \
    -d ~/.dogtag/pki-tomcat/ca/alias \
    -h $HOSTNAME \
    -p 8080 \
    -t /ca/ocsp \
    -c ca_signing \
    --serial 6
CertID.serialNumber=6
CertStatus=Good

See also Configuring Internal OCSP Responder.

Using OCSPClient against OCSP Subsystem

Note: Currently the CRL has to be published first from CA to OCSP, otherwise OCSPClient will fail.

$ OCSPClient \
    -d ~/.dogtag/pki-tomcat/ca/alias \
    -h $HOSTNAME \
    -p 8080 \
    -t /ocsp/ee/ocsp \
    -c ca_signing \
    --serial 6
CertID.serialNumber=6
CertStatus=Good

See Also

Tip	To find a page in the Wiki, enter the keywords in search field, press Enter, then click Wikis.

Clone this wiki locally