Checking the revocation status of the server certificate by using a command

Ops Center Installation and Configuration Guide

Version
11.0.x
Part Number
MK-99OPS001-23

You can check the revocation status of the server certificate by using the OCSP check function of the openssl command. For more details, see the openssl documentation.

  1. On the management server, run the following openssl command.

    Command syntax:

    installation-directory-of-Common-Services/openssl/bin/openssl ocsp -no_nonce -issuer issuer-certificate -cert server-certificate -url OCSP-Responder-URI -text

    For the issuer certificate, specify the root certificate or, if there is an intermediate certificate, the PEM-format certificate that combines the root and intermediate certificates.

    Command example:

    /opt/hitachi/CommonService/openssl/bin/openssl ocsp -no_nonce -issuer cacert.cer -cert httpsd.cer -url http://ad.example.com/ocsp -text
  2. Check whether the value of Cert Status is good. If the value is revoked, the server certificate has expired.
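
The two steps above can be scripted so that the Cert Status value is read by the script and anything other than good is treated as a failure. The following is an added example, not part of the Ops Center documentation or product; the function names, the OPENSSL variable, and the sample responder output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: scripted form of steps 1 and 2. Not product code.
# OPENSSL defaults to the path shown in the command example above.
OPENSSL="${OPENSSL:-/opt/hitachi/CommonService/openssl/bin/openssl}"

# Constructed, abbreviated samples of `openssl ocsp -text` output.
SAMPLE_GOOD='OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Responses:
    Cert Status: good
    This Update: Jan  1 00:00:00 2024 GMT'
SAMPLE_REVOKED='OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Responses:
    Cert Status: revoked
    Revocation Time: Jan  1 00:00:00 2024 GMT'
SAMPLE_ERROR='Responder Error: unauthorized (6)'

# Read ocsp -text output on stdin and print the first Cert Status value.
# Prints "missing" when there is no Cert Status line, so callers fail closed.
cert_status() {
    status=$(sed -n 's/^[[:space:]]*Cert Status:[[:space:]]*\([a-z]*\).*$/\1/p' | head -n 1)
    echo "${status:-missing}"
}

# check_revocation ISSUER_PEM SERVER_CERT OCSP_RESPONDER_URI
# Returns 0 only for "good"; 1 for revoked/unknown/missing; 2 if openssl fails.
check_revocation() {
    out=$("$OPENSSL" ocsp -no_nonce -issuer "$1" -cert "$2" -url "$3" -text 2>&1) || {
        echo "openssl ocsp failed: $out" >&2
        return 2
    }
    status=$(printf '%s\n' "$out" | cert_status)
    echo "Cert Status: $status"
    [ "$status" = "good" ]
}

# Run the live check only when all three arguments are supplied.
if [ "$#" -eq 3 ]; then
    check_revocation "$@"
fi
```

Saved under a hypothetical name such as check_ocsp.sh, it takes the same three values as the command example: sh check_ocsp.sh cacert.cer httpsd.cer http://ad.example.com/ocsp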