|OCSPCHECK(8)||System Manager's Manual||OCSPCHECK(8)|
ocspcheckutility validates a PEM format certificate against the OCSP responder encoded in the certificate specified by the file argument. Normally it should be used for checking server certificates and maintaining saved OCSP responses to be used for OCSP stapling. The options are as follows:
ocspcheckutility exits 0 if the OCSP response validates for the certificate in file and all output is successfully written out.
ocspcheckexits >0 if an error occurs or the OCSP response fails to validate. nc(1), tls_config_set_ocsp_staple_file(3), tls_config_set_ocsp_staple_mem(3), httpd(8)
ocspcheckutility first appeared in OpenBSD 6.1.
ocspcheckwas written by Bob Beck.
ocspcheckcould possibly be used in scripts to query responders for server certificates seen on client connections, this is almost always a bad idea. God kills a kitten every time you make an OCSP query from the client side of a TLS connection.
ocspcheckwill create the output file if it does not exist. On failure a newly created output file will not be removed.
|November 29, 2017||OpenBSD-current|