OCSPCHECK
Description
Check OCSP server connectivity for a given certificate
Command
ocspcheck --name <certname> --caname <caname> [--bindaddr <addr/host/interface>] [--bindport <port>] [--dgst <algorithm>] [--method <GET|POST>] [--uri <URI>] [--no-verify] [--no-conf] [--dump-files] [--no-nonce] [--verbose] [--quiet]

--name : certificate to be checked (must be present in local PKI dir)
--caname : CA for the certificate to be checked (must be present in local or global PKI dir)
--bindaddr <addr> : address/host/interface to bind the connection to
--bindport <port> : port to bind the connection to
--dgst <algorithm> : hash algorithm to be used for certificate IDs in OCSP request (default SHA1)
--method <GET|POST> : HTTP method to use (default POST)
--uri <URI> : URI to use (overrides URIs found in cert and conf)
--no-verify : bypass response verification step
--no-conf : do not retrieve CA and ocsp signer certs from VPN configuration
--dump-files : dump OCSP request and response in ocsp_req.der and ocsp_resp.der (existing files will be overwritten)
--no-nonce : do not send a nonce in the OCSP request
--verbose : redirect verbose to stdout
--quiet : print result only and no extra info
--help : this help
Results
Example
ocspcheck --caname "C=FR ST=STST O=OO OU=OUOU CN=SubCA" --name "C=FR ST=STST O=OO OU=OUOU CN=VPNClient.com" --quiet
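What --no-nonce and --method GET change on the wire, shown with a hand-built RFC 6960 request. This is an added example, not code from the product; it assumes ocspcheck uses the standard RFC 6960 encodings, and the issuer values, serial number and ocsp.example.test responder are constructed placeholders.

```python
import base64
import hashlib
from urllib.parse import quote, unquote

SHA1_OID = bytes.fromhex("06052b0e03021a")           # 1.3.14.3.2.26 (SHA1)
NONCE_OID = bytes.fromhex("06092b0601050507300102")  # 1.3.6.1.5.5.7.48.1.2


def tlv(tag, body):
    """DER tag-length-value with short or long length form."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body


def build_request(issuer_name, issuer_key, serial, nonce=None):
    """Build an unsigned single-certificate OCSPRequest with a SHA1 CertID."""
    cert_id = tlv(0x30, tlv(0x30, SHA1_OID + b"\x05\x00")
                  + tlv(0x04, hashlib.sha1(issuer_name).digest())
                  + tlv(0x04, hashlib.sha1(issuer_key).digest())
                  + tlv(0x02, serial.to_bytes(serial.bit_length() // 8 + 1, "big")))
    body = tlv(0x30, tlv(0x30, cert_id))  # requestList -> Request -> CertID
    if nonce is not None:
        ext = tlv(0x30, NONCE_OID + tlv(0x04, tlv(0x04, nonce)))
        body += tlv(0xA2, tlv(0x30, ext))  # requestExtensions [2] EXPLICIT
    return tlv(0x30, tlv(0x30, body))      # OCSPRequest -> TBSRequest


def has_nonce(der):
    """Byte search for the nonce extension OID (not a full ASN.1 parse)."""
    return NONCE_OID in der


def get_url(responder, der):
    """GET form: responder URI + '/' + URL-encoded base64 of the DER request."""
    return responder.rstrip("/") + "/" + quote(base64.b64encode(der), safe="")


def decode_get_url(url):
    """Recover the DER request from a GET URL, e.g. out of a proxy log."""
    return base64.b64decode(unquote(url.rsplit("/", 1)[1]))


# Constructed sample values; ocsp.example.test is a placeholder responder.
NAME, KEY, SERIAL = b"constructed issuer name", b"constructed issuer key", 0x1234
if __name__ == "__main__":
    for nonce in (bytes(range(16)), None):
        der = build_request(NAME, KEY, SERIAL, nonce)
        print(len(der), has_nonce(der), get_url("http://ocsp.example.test", der))
```

Without a nonce the request is identical on every run, so a cached or replayed response still matches it; has_nonce() can be run over the bytes of an ocsp_req.der written by --dump-files to confirm which form was sent.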