You can check the revocation status of the server certificate by using the
OCSP check function of the openssl command. For more
details, see the openssl documentation.
-
On the management server, run the following openssl
command.
Command syntax:
installation-directory-of-Common-Services/openssl/bin/openssl ocsp -no_nonce -issuer issuer-certificate -cert server-certificate -url OCSP-Responder-URI -text
The issuer certificate is either the root
certificate or, if there is an intermediate certificate, specify the
PEM-format certificate that combines the root and intermediate
certificates.
Command example:
/opt/hitachi/CommonService/openssl/bin/openssl ocsp -no_nonce -issuer cacert.cer -cert httpsd.cer -url http://ad.example.com/ocsp -text
-
Check whether the value of Cert Status is
good. If the value is revoked, the server
certificate has expired.