OCSPCHECK

Description

Check OCSP server connectivity for a given certificate

Command

ocspcheck --name <certname> --caname <caname> [--bindaddr <addr/host/interface>] [--bindport <port>] [--dgst <algorithm>] [--method <GET|POST>] [--uri <URI>] [--no-verify] [--no-conf] [--dump-files] [--no-nonce] [--verbose] [--quiet]
--name              : certificate to be checked (must be present in local PKI dir)
--caname            : CA for the certificate to be checked (must be present in local or global PKI dir)
--bindaddr <addr>   : address/host/interface to bind the connection to
--bindport <port>   : port to bind the connection to
--dgst <algorithm>  : hash algorithm to be used for certificate IDs in OCSP request (default SHA1)
--method <GET|POST> : HTTP method to use (default POST)
--uri <URI>         : URI to use (overrides URIs found in cert and conf)
--no-verify         : bypass response verification step
--no-conf           : do not retrieve CA and OCSP signer certs from VPN configuration
--dump-files        : dump OCSP request and response in ocsp_req.der and ocsp_resp.der (existing files will be overwritten)
--no-nonce          : do not send a nonce in the OCSP request
--verbose           : print verbose output to stdout
--quiet             : print result only and no extra info
--help              : this help

Results

 

Example

ocspcheck --caname "C=FR ST=STST O=OO OU=OUOU CN=SubCA" --name "C=FR ST=STST O=OO OU=OUOU CN=VPNClient.com" --quiet
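
Added example (not part of the ocspcheck documentation or the product's own code): a standard-library Python check that reads a DER OCSP request, such as the ocsp_req.der written by --dump-files, and reports which --dgst hash is used in the certificate ID and whether a nonce was sent. The function names and the all-zero sample request are constructed for illustration.

```python
HASH_OIDS = {"1.3.14.3.2.26": "SHA1", "2.16.840.1.101.3.4.2.1": "SHA256",
             "2.16.840.1.101.3.4.2.2": "SHA384", "2.16.840.1.101.3.4.2.3": "SHA512"}
NONCE_OID = "1.3.6.1.5.5.7.48.1.2"  # id-pkix-ocsp-nonce

def decode_oid(body):  # content octets of a DER OBJECT IDENTIFIER -> dotted string
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear marks the last octet of an arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def walk_oids(der):
    """Yield every OID in a DER blob, descending into constructed values."""
    pos = 0
    while pos < len(der):
        tag, length = der[pos:pos + 2]  # ValueError if the header is truncated
        pos += 2
        if length & 0x80:  # long form: low 7 bits count the length octets
            n = length & 0x7F
            length, pos = int.from_bytes(der[pos:pos + n], "big"), pos + n
        body = der[pos:pos + length]
        if len(body) != length:
            raise ValueError("truncated DER value")
        pos += length
        if tag == 0x06 and body:
            yield decode_oid(body)
        elif tag & 0x20:  # constructed: SEQUENCE, SET, [n] EXPLICIT
            yield from walk_oids(body)

def audit_request(der):
    """Return the CertID hash algorithm and whether a nonce extension is present."""
    oids = list(walk_oids(der))
    digest = next((HASH_OIDS[o] for o in oids if o in HASH_OIDS), None)
    return {"dgst": digest, "nonce": NONCE_OID in oids}

def tlv(tag, body):
    return bytes([tag, len(body)]) + body  # short-form length; sample stays < 128 bytes

def sample_request(hash_oid_hex, hash_len, with_nonce):
    """Constructed OCSPRequest with all-zero hashes and serial 1 (not real traffic)."""
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(hash_oid_hex)) + b"\x05\x00")
    cert_id = tlv(0x30, alg + tlv(0x04, bytes(hash_len)) * 2 + b"\x02\x01\x01")
    tbs = tlv(0x30, tlv(0x30, cert_id))  # requestList -> Request -> CertID
    nonce = tlv(0x30, tlv(0x06, bytes.fromhex("2b0601050507300102")) + tlv(0x04, tlv(0x04, bytes(8))))
    ext = tlv(0xA2, tlv(0x30, nonce)) if with_nonce else b""  # requestExtensions [2] EXPLICIT
    return tlv(0x30, tlv(0x30, tbs + ext))  # OCSPRequest { tbsRequest }
```

To audit a real dump, pass the bytes of ocsp_req.der to audit_request; a result of SHA1 with no nonce corresponds to running with the default --dgst and --no-nonce.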