====== OCSP ======

Commands from [[https://apuntesderootblog.wordpress.com/2014/01/18/how-to-test-a-ocsp-server/|this site]].

===== Test OCSP in Windows =====

You can test OCSP on Windows with the following command:

  certutil.exe -verify -urlfetch NAME_OF_CERT.crt

You can use the GUI with the following command:

  certutil.exe -url NAME_OF_CERT.crt

However, if you are testing certificates generated internally (i.e. not public certificates for websites like Google or Wikipedia), then you will need to install the full certificate chain on your machine. Specifically, use the following command to install the Root CA on the local store (do not rely on installing the certificate in the Trusted Root Certificate Store as this does not work).

  certutil.exe -addstore root NAME_OF_ROOT_CERT.crt

===== Test OCSP in OpenSSL =====

You can also use the [[https://raymii.org/s/articles/OpenSSL_Manually_Verify_a_certificate_against_an_OCSP.html|OpenSSL command]].

  openssl ocsp -issuer NAME_OF_ROOT.crt -cert NAME_OF_CERT.crt -text -url http://responder.com/CA/url

The command to get the OCSP URL from the certificate is:

  openssl x509 -noout -ocsp_uri -in NAME_OF_CERT.crt

Remember, Google Chrome does not actually use OCSP, so do not use this web browser for testing OCSP functionality. Internet Explorer also seems to ignore OCSP. Firefox 68 still checks OCSP.
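
The two OpenSSL commands above combined into one script, as an added example that is not from the original page or the linked articles. ''ocsp_check'' and ''ocsp_status_from_output'' are hypothetical names, the sample output is constructed, and passing the issuer as ''-CAfile'' assumes it is the root CA as in the command above. A status is reported only when OpenSSL also confirmed the response signature.

```shell
#!/bin/sh
# Added example; function names and sample output are constructed for illustration.

# Classify the combined stdout+stderr of `openssl ocsp` (run without -text).
# Prints one of: good | revoked | unknown | unverified | error
ocsp_status_from_output() {
    awk '
        /^Response verify OK/                  { verified = 1 }
        /^[^ \t].*: (good|revoked|unknown)$/   { status = $NF }
        END {
            if (status == "")   print "error"       # no status line, e.g. responder error
            else if (!verified) print "unverified"  # signature not confirmed: do not trust
            else                print status
        }'
}

# Look up the responder URL in the certificate, query it, classify the answer.
# Usage: ocsp_check NAME_OF_ROOT.crt NAME_OF_CERT.crt
ocsp_check() {
    issuer=$1
    cert=$2
    url=$(openssl x509 -noout -ocsp_uri -in "$cert") || return 2
    [ -n "$url" ] || { echo "no-ocsp-uri"; return 2; }
    # "Response verify OK" is written to stderr, so merge both streams.
    # -CAfile: assumes the issuer is the root CA that anchors the responder.
    openssl ocsp -issuer "$issuer" -CAfile "$issuer" -cert "$cert" -url "$url" 2>&1 |
        ocsp_status_from_output
}

# Constructed sample: what a verified "revoked" answer looks like.
sample_revoked='Response verify OK
NAME_OF_CERT.crt: revoked
	This Update: Jan  1 00:00:00 2024 GMT
	Revocation Time: Dec 24 00:00:00 2023 GMT'
printf '%s\n' "$sample_revoked" | ocsp_status_from_output   # prints: revoked
```

An ''unverified'' result for an internal CA usually points back to the trust-chain issue described in the Windows section: the responder's signature could not be chained to a trusted root.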