|OCSPCHECK(8)||System Manager's Manual||OCSPCHECK(8)|
ocspcheck — check
a certificate for validity against its OCSP responder
ocspcheck utility validates a PEM
format certificate against the OCSP responder encoded in the certificate
specified by the file argument. Normally it should be
used for checking server certificates and maintaining saved OCSP responses
to be used for OCSP stapling.
The options are as follows:
ocspcheck utility exits 0 if the OCSP
response validates for the certificate in file and all
output is successfully written out.
>0 if an error occurs or the OCSP response fails to validate.
ocspcheck utility first appeared in
ocspcheck was written by
ocspcheck could possibly be used in
scripts to query responders for server certificates seen on client
connections, this is almost always a bad idea. God kills a kitten every time
you make an OCSP query from the client side of a TLS connection.
ocspcheck will create the output file if
it does not exist. On failure a newly created output file will not be
|November 29, 2017||OpenBSD-current|