Skip to content

OCSPClient

Marco Fargetta edited this page Aug 24, 2023 · 2 revisions

Using OCSPClient against CA’s Internal OCSP Responder

$ OCSPClient \
    -d ~/.dogtag/pki-tomcat/ca/alias \
    -h $HOSTNAME \
    -p 8080 \
    -t /ca/ocsp \
    -c ca_signing \
    --serial 6
CertID.serialNumber=6
CertStatus=Good

Using OCSPClient against OCSP Subsystem

Note: Currently the CRL has to be published first from CA to OCSP, otherwise OCSPClient will fail.

$ OCSPClient \
    -d ~/.dogtag/pki-tomcat/ca/alias \
    -h $HOSTNAME \
    -p 8080 \
    -t /ocsp/ee/ocsp \
    -c ca_signing \
    --serial 6
CertID.serialNumber=6
CertStatus=Good

See Also

Clone this wiki locally