PKI OCSP Certificate CLI - dogtagpki/pki GitHub Wiki
The pki ocsp-cert-verify provides an interface to verify a certificate using OCSP protocol.
The command can be used against the OCSP responder in OCSP subsystem or the built-in OCSP responder in CA subsystem.
Availability: Since PKI 11.7
To verify a certificate against the OCSP responder in OCSP subsystem:
$ pki ocsp-cert-verify \
--ca-cert ca_signing \
<serial number>
To verify a certificate against the built-in OCSP responder in CA subsystem:
$ pki ocsp-cert-verify \
--path /ca/ocsp \
--ca-cert ca_signing \
<serial number>