Test OCSP Services

Test the OCSP services offered by the Validation Responder using an OCSP client tool, such as the ActivID Validation Client, the Desktop Validation Client or OpenSSL (available from openssl.org). The following example uses the OpenSSL command line tool.

From the command line, type the following:

>openssl ocsp -CAfile cafile.pem -issuer ISSUER.cer -cert USER.cer -url http://ra2400D-name/ -no_nonce

Where:

  • cafile.pem is a file in base-64 (PEM) format that contains a set of PEM-format trusted CA certificates that can be used to verify the signature on the OCSP response.

  • ISSUER.cer is a file in base-64 (PEM) format that contains the certificate of the Certificate Authority that signed the USER.cer file.

  • USER.cer is a file in base-64 (PEM) format that contains the certificate for which you want to determine the status.

  • ra2400D-name is the Validation Responder hostname.

The following are examples:

OpenSSL> ocsp -sha256/1 -no_nonce -issuer msca178-root.cer -url http://10.16.33.29:3502/ -VAfile ocsp-signature.cer -serial "0x75000002e45d6ba1bf9e50d6ad0000000002e4"
Response verify OK
0x75000002e45d6ba1bf9e50d6ad0000000002e4: revoked
        This Update: Mar 30 20:41:20 2016 GMT
        Next Update: Mar 31 23:25:20 2016 GMT
        Revocation Time: Sep 28 22:23:26 2015 GMT
OpenSSL>

OpenSSL> ocsp -sha256/1 -issuer msca178-root.cer -url https://10.16.33.29:3602/ -VAfile ocsp-signature.cer -serial "0x75000002e45d6ba1bf9e50d6ad0000000002e4"
WARNING: no nonce in response
Response verify OK
0x75000002e45d6ba1bf9e50d6ad0000000002e4: revoked
        This Update: Mar 30 20:41:20 2016 GMT
        Next Update: Mar 31 23:25:20 2016 GMT
        Revocation Time: Sep 28 22:23:26 2015 GMT
OpenSSL>

OpenSSL> ocsp -sha256/1 -issuer msca178-root.cer -url https://10.16.33.29:3602/ocsp -VAfile ocsp-signature.cer -serial "0x75000002e45d6ba1bf9e50d6ad0000000002e4"
WARNING: no nonce in response
Response verify OK
0x75000002e45d6ba1bf9e50d6ad0000000002e4: revoked
        This Update: Mar 30 20:41:20 2016 GMT
        Next Update: Mar 31 23:25:20 2016 GMT
        Revocation Time: Sep 28 22:23:26 2015 GMT
OpenSSL>
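
When the test is run with -no_nonce, or the responder returns no nonce, the This Update / Next Update window is the only freshness signal in the response, so a scripted test should check it along with "Response verify OK". The following Python sketch is an added example, not part of the product or of OpenSSL; the function names are hypothetical and the input is assumed to be the combined stdout and stderr of the openssl ocsp command in the format shown above.

```python
import re
from datetime import datetime, timezone

# Output copied from the page's HTTPS example (combined stdout and stderr).
SAMPLE = """\
WARNING: no nonce in response
Response verify OK
0x75000002e45d6ba1bf9e50d6ad0000000002e4: revoked
        This Update: Mar 30 20:41:20 2016 GMT
        Next Update: Mar 31 23:25:20 2016 GMT
        Revocation Time: Sep 28 22:23:26 2015 GMT
"""

def _time(label, text):
    """Return the named timestamp as an aware UTC datetime, or None if absent."""
    m = re.search(rf"^\s*{label}:\s*(.+?) GMT\s*$", text, re.M)
    if not m:
        return None
    parsed = datetime.strptime(m.group(1), "%b %d %H:%M:%S %Y")
    return parsed.replace(tzinfo=timezone.utc)

def parse_ocsp_output(text):
    """Extract the fields a test run should check from `openssl ocsp` text output."""
    status = re.search(r"^(\S+): (good|revoked|unknown)\s*$", text, re.M)
    return {
        "verified": "Response verify OK" in text,
        "nonce_missing": "WARNING: no nonce in response" in text,
        "target": status.group(1) if status else None,
        "status": status.group(2) if status else None,
        "this_update": _time("This Update", text),
        "next_update": _time("Next Update", text),
        "revocation_time": _time("Revocation Time", text),
    }

def verdict(r, now):
    """Report the status only if the signature verified and `now` is in the window."""
    if not r["verified"] or r["status"] is None:
        return "untrusted"   # signature not verified, or no status line at all
    if r["this_update"] is None or now < r["this_update"]:
        return "untrusted"   # missing or future-dated This Update
    if r["next_update"] is not None and now > r["next_update"]:
        return "stale"       # responder is serving an expired response
    return r["status"]

if __name__ == "__main__":
    r = parse_ocsp_output(SAMPLE)
    print(verdict(r, datetime(2016, 3, 31, 12, 0, tzinfo=timezone.utc)), r)
```

A "stale" or "untrusted" verdict means the test failed even though a status line was printed.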