Viewing and deleting the OCSP and CRL cache on Windows. Verifying certificate validity.

In some cases you may want to revoke a certificate and then check on a client computer that the certificate is invalid.

Because Windows caches CRLs and OCSP responses, the client will not see the revocation until you clear the CRL and OCSP cache.

 

How to view and clear CRL and OCSP cache

You can do that with certutil:

View OCSP cache
certutil -urlcache ocsp
View CRL cache
certutil -urlcache crl
View both OCSP and CRL cache
certutil -urlcache *
Delete OCSP cache
certutil -urlcache ocsp delete
Delete CRL cache
certutil -urlcache crl delete
Delete “all” cache
certutil -urlcache * delete

 

 Verifying certificate validity

Certutil can also be used to verify the validity of a certificate through a GUI:

certutil -url "certificatefilename"


Or in this way:

certutil -f -urlfetch -verify "certificatefilename"
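
The same check can be scripted. The following PowerShell is an added example, not part of the original article: it clears the cache with the command shown above and then builds the certificate chain with .NET's X509Chain in online revocation mode. The -CertPath parameter and the verdict strings are assumptions made for this example.

```powershell
# Added example (not from the original article): clear the URL cache, then
# re-check revocation with .NET's X509Chain so a stale CRL/OCSP entry is not reused.
param(
    [Parameter(Mandatory = $true)]
    [string]$CertPath            # assumption: path to the certificate file under test
)

# Same cache-clearing command as shown above; '*' is quoted so it is passed literally.
certutil -urlcache '*' delete | Out-Null

$cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
             -ArgumentList (Resolve-Path $CertPath).Path
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode      = 'Online'        # fetch CRL/OCSP if not cached
$chain.ChainPolicy.RevocationFlag      = 'ExcludeRoot'   # check every cert except the root
$chain.ChainPolicy.UrlRetrievalTimeout = [TimeSpan]::FromSeconds(15)

$built = $chain.Build($cert)

# Per-certificate view: which element of the chain carries which status.
foreach ($element in $chain.ChainElements) {
    $status = ($element.ChainElementStatus | ForEach-Object { $_.Status.ToString() }) -join ', '
    if (-not $status) { $status = 'NoError' }
    '{0}: {1}' -f $element.Certificate.Subject, $status
}

# Overall verdict. "Unknown" is reported separately: it means no CRL/OCSP answer
# was obtained, which is not the same as the certificate being good.
$flags = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })
if ($flags -contains 'Revoked') {
    $verdict = 'REVOKED'
} elseif ($flags -contains 'RevocationStatusUnknown' -or $flags -contains 'OfflineRevocation') {
    $verdict = 'REVOCATION STATUS UNKNOWN'
} elseif ($built) {
    $verdict = 'VALID'
} else {
    $verdict = 'INVALID ({0})' -f ($flags -join ', ')
}
"Result: $verdict"
if ($verdict -ne 'VALID') { exit 1 }
```

Save it as a .ps1 file and run it on the client after the CA has published the revocation; a non-zero exit code means the certificate did not validate cleanly.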

 

 

 

Tags: security, pki (en)
