Chapter 22. OCSPClient (Sending an OCSP Request)

The OCSP request utility, OCSPClient, creates an OCSP request conforming to RFC 2560, submits it to the OCSP server, and saves the OCSP response in a file.

22.1. Syntax

The OCSPClient tool has the following syntax:

OCSPClient host port dbdir nickname serial_number or filename output times

Option Description
host Specifies the hostname of the OCSP server. Depending on how DNS and the network are configured, this can be a machine name, fully-qualified domain name, or IPv4 or IPv6 address.
port Gives the end-user port number of the OCSP server.
dbdir Gives the location of the security databases (cert8.db, key3.db, and secmod.db) which contain the CA certificate that signed the certificate being checked.
nickname Gives the CA certificate nickname.
serial_number or filename Gives the serial number or, alternatively, the name of the file containing the request for the certificate that's status is being checked.
output Gives the path and file to which to print the DER-encoded OCSP response.
times Specifies the number of times to submit the request.