You can test the configuration and setup of Nexus OCSP Responder by using the bundled OCSP client. It is named ocsp_client.bat on Windows and ocsp_client on the available Linux distributions. The OCSP client is located in the /bin directory relative to the installation root.
...
```
ocsp_client -verbose -url <url> -certstore <trust-store> -nonce -servicelocator <url> -authcert <certificate> -authpin <pin> -pkcs11lib <lib> -provider <provider> -signalg <algorithm> -signcert <certificate> -signpin <pin> -[no]chain <serial-nr> ...
```
Options and Arguments | Description |
---|---|
| The certificate to use for TLS client authentication. Replace |
| Replace |
| Replace |
| The certificate to use for signing the OCSP request. Replace |
| Replace |
| Use this option to add a certificate chain to the signed OCSP request. Only the signature certificate will be used in the signed OCSP request by default. |
| Use this option to not add the signature certificate or chain to the signed OCSP request. |
| Use this option to add a random nonce to the request. |
| Replace |
| Replace |
| Replace |
| Replace |
| Replace |
| Use this option to print out debug data and more information about the response. |
| Either a file containing the certificate one wants to query the status of or a certificate serial number and issuer name specified as: |
Examples
...
Example 1: single, unsigned, non-nonced request
```
ocsp_client -verbose -url http://ocsphost:81/ -certstore trust.store example1.crt
```
Example 2: single, unsigned, non-nonced request
```
ocsp_client -verbose -url http://ocsphost:81/ -certstore trust.store "0x42f3d19e9fe13f98b8c7b98f10bf6c2d:cn=Issuing CA,c=SE"
```
Example 3: unsigned nonced multirequest over client-authenticated TLS
```
ocsp_client -verbose -url https://ocsphost:81/ -certstore trust.store -nonce -authcert "Ocsp Test Auth" -authpin 1234 -pkcs11lib pkcs11_library.dll example1.crt example2.crt
```
Example 4: signed, non-nonced request about a root certificate
```
ocsp_client -verbose -url http://ocsphost:81/ -certstore trust.store -signcert "Ocsp Test Sign" -signpin 1234 -pkcs11lib pkcs11_library.dll root-cert.crt
```
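For reference when reading the `-verbose` output, the Python below is an added example (not part of the Nexus documentation or the bundled client) that builds the unsigned RFC 6960 OCSPRequest for a serial number and issuer as in Example 2, with and without the nonce extension that `-nonce` requests. It assumes SHA-1 CertID hashes; the function names are hypothetical, the issuer DN encoding is constructed from the Example 2 string, and the issuer key bytes are a placeholder.

```python
import hashlib
import os

SHA1_ALG = bytes.fromhex("300906052b0e03021a0500")    # AlgorithmIdentifier: SHA-1, NULL params
NONCE_OID = bytes.fromhex("06092b0601050507300102")   # id-pkix-ocsp-nonce (1.3.6.1.5.5.7.48.1.2)

def tlv(tag, body):
    """DER tag-length-value with a definite length."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def der_int(value):
    """DER INTEGER for a non-negative serial (leading 0x00 only when needed)."""
    return tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def cert_id(issuer_dn_der, issuer_key, serial):
    """CertID: hash of the issuer DN, hash of the issuer public key, serial."""
    return tlv(0x30, SHA1_ALG
               + tlv(0x04, hashlib.sha1(issuer_dn_der).digest())
               + tlv(0x04, hashlib.sha1(issuer_key).digest())
               + der_int(serial))

def ocsp_request(cert_ids, nonce=None):
    """Unsigned OCSPRequest with one Request per CertID and an optional nonce."""
    tbs = tlv(0x30, b"".join(tlv(0x30, c) for c in cert_ids))   # requestList
    if nonce is not None:
        ext = tlv(0x30, NONCE_OID + tlv(0x04, tlv(0x04, nonce)))
        tbs += tlv(0xA2, tlv(0x30, ext))                        # requestExtensions [2]
    return tlv(0x30, tlv(0x30, tbs))

def rdn(oid_hex, tag, text):
    """One single-valued RelativeDistinguishedName."""
    return tlv(0x31, tlv(0x30, bytes.fromhex(oid_hex) + tlv(tag, text)))

# Constructed sample input: the DN and serial from Example 2; the key bytes are
# a placeholder, a real request hashes the issuer's actual public key.
ISSUER_DN = tlv(0x30, rdn("0603550406", 0x13, b"SE") + rdn("0603550403", 0x0C, b"Issuing CA"))
ISSUER_KEY = b"constructed-placeholder-public-key"
SERIAL = 0x42F3D19E9FE13F98B8C7B98F10BF6C2D

if __name__ == "__main__":
    cid = cert_id(ISSUER_DN, ISSUER_KEY, SERIAL)
    print("plain :", ocsp_request([cid]).hex())
    print("nonced:", ocsp_request([cid], nonce=os.urandom(16)).hex())
```

Passing several CertIDs to `ocsp_request` gives the multirequest form of Example 3; the nonce is carried once per request, not once per certificate.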
...