ocsp.1s
queries OCSP responders
TLDR
Check certificate status
$ openssl ocsp -issuer [issuer.pem] -cert [cert.pem] -url [ocsp_url]
Query OCSP responder$ openssl ocsp -issuer [issuer.pem] -serial [serial_number] -url [ocsp_url]
Verify response$ openssl ocsp -respin [response.der] -verify_other [ca.pem]
Create OCSP request$ openssl ocsp -issuer [issuer.pem] -cert [cert.pem] -reqout [request.der]
SYNOPSIS
openssl ocsp [options]
DESCRIPTION
openssl ocsp queries OCSP responders. Checks certificate revocation status.The tool validates certificates online. Part of OpenSSL suite.
PARAMETERS
-issuer FILE
Issuer certificate.-cert FILE
Certificate to check.-serial NUMBER
Certificate serial number.-url URL
OCSP responder URL.-respin FILE
Read OCSP response.-reqout FILE
Write OCSP request.--help
Display help information.
CAVEATS
Requires network access. Part of OpenSSL. OCSP responder must be available.
HISTORY
OCSP support was added to OpenSSL for online certificate revocation checking.
SEE ALSO
openssl(1), openssl-verify(1), openssl-crl(1)
