Windows: How can I diagnose certificate revocation check failure, when I know the OK response is sent?

ssl-certificate openssl ocsp exchange-server

Solution 1:

The certutil.exe has a relatively new option, called -downloadocsp which you can use to verify the OCSP responses.

  1. In a command prompt, create two folders, called certs and results.
  2. Place your Exchange server certificates in the certs folder. If your using OCSP to check the CA certificate too, place a copy of the CA certificate in that folder.
  3. Run certutil -downloadocsp certs results downloadonce. This will create a .ocsp file within results for each response.
  4. Finally, run certutil results\????.ocsp to view each response as plaintext.

The above is from Mark Cooper's brilliant website.

Related

Lets encrypt ERR_CERTIFICATE_TRANSPARENCY_REQUIRED on chrome 68.0.3440.106
Is it secure to still using an old version of VMWare ESXi for production after support ends?
Cannot connect to open port in remote server
Why can't re-install apache2?
Creating a stacked area distribution percentile graph in Google Cloud Monitoring
How can I report on who has viewed a file in an Office 365 SharePoint library?
nginx location host without www
e2fsck cleans a filesystem and then a few minutes later (after a lot of reads) there are errors
GCP - which role a permission belongs?
How do I proxy pass a URL in Nginx where location match is a URL and proxy pass has another URL
Connecting to Google Cloud MySql DB with a changing IP address
Separating networks with limited access between