How to check if an OCSP response is valid
The Online Certificate Status Protocol (OCSP) is used to check the revocation status of an X.509 digital certificate.
If you perform a packet capture on the client or on the LoadMaster and filter on OCSP, you should see the client's request and the server's response.
To check whether the certificate whose serial number was sent in the request is valid, click on the response packet. Under Online Certificate Status Protocol, drill down to certStatus; the status is displayed as either good or bad.
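The fields Wireshark shows in the response can also be read programmatically. The following is an added example, not part of the original article: a standard-library Python parser that extracts responseStatus and each certificate's serial number and certStatus (good, revoked or unknown in RFC 6960) from a DER-encoded OCSP response. The function names and the sample response (zeroed hashes, dummy signature) are constructed for illustration.

```python
# Added example, stdlib only: reads OCSP (RFC 6960) status fields; verifies no signature.
RESPONSE_STATUS = {0: "successful", 1: "malformedRequest", 2: "internalError",
                   3: "tryLater", 5: "sigRequired", 6: "unauthorized"}
CERT_STATUS = {0: "good", 1: "revoked", 2: "unknown"}  # CHOICE tags [0]..[2]

def read_tlv(buf, pos=0):  # -> (tag, value, next_pos) for the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # split a constructed element's content into (tag, value)
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def ocsp_cert_statuses(der):  # -> (responseStatus, [(serial, certStatus), ...])
    resp = children(read_tlv(der)[1])                    # OCSPResponse
    status = RESPONSE_STATUS.get(resp[0][1][0], "reserved")
    if len(resp) < 2:                                    # error: no responseBytes
        return status, []
    rbytes = children(children(resp[1][1])[0][1])        # {OID, OCTET STRING}
    basic = children(read_tlv(rbytes[1][1])[1])          # BasicOCSPResponse
    out = []                                             # first SEQUENCE in tbs = responses
    for _, single in children(next(v for t, v in children(basic[0][1]) if t == 0x30)):
        cert_id, cert_status = children(single)[:2]
        serial = int.from_bytes(children(cert_id[1])[3][1], "big")
        out.append((serial, CERT_STATUS.get(cert_status[0] & 0x1F, "invalid")))
    return status, out

def _tlv(tag, *parts):  # minimal DER encoder, used only to build the sample
    body = b"".join(parts)
    n = len(body).to_bytes(2, "big").lstrip(b"\0")
    head = bytes([len(body)]) if len(body) < 128 else bytes([0x80 | len(n)]) + n
    return bytes([tag]) + head + body

def make_sample():  # constructed: serial 0x1001 good, serial 0x1002 revoked
    t, h = _tlv(0x18, b"20240101000000Z"), _tlv(0x04, bytes(20))  # time, zeroed hash
    cid = lambda s: _tlv(0x30, _tlv(0x30, bytes.fromhex("06052b0e03021a0500")), h, h, _tlv(2, s))
    singles = _tlv(0x30, _tlv(0x30, cid(b"\x10\x01"), _tlv(0x80), t),
                   _tlv(0x30, cid(b"\x10\x02"), _tlv(0xA1, t), t))
    basic = _tlv(0x30, _tlv(0x30, _tlv(0xA2, h), t, singles),  # tbsResponseData
                 _tlv(0x30, bytes.fromhex("06092a864886f70d01010b0500")), _tlv(3, bytes(5)))
    rbytes = _tlv(0x30, _tlv(6, bytes.fromhex("2b0601050507300101")), _tlv(4, basic))
    return _tlv(0x30, _tlv(0x0A, b"\0"), _tlv(0xA0, rbytes))
```

A good certStatus is only trustworthy once the responder's signature and the thisUpdate/nextUpdate window have been checked; this parser does neither.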
Attached is a packet capture taken from Packetlife.net. Further examples can be found here:
http://packetlife.net/captures/protocol/ocsp