QuoVadis Check OCSP Tool
This is a tool written in Python running on Django which can verify the status of a certificate in Online Certificate Status Protocol.
The tool makes use of the following command:
openssl ocsp -nonce -noverify -issuer [issuer] -serial [serial] -url [URL]
Where [issuer] is the path to the issuer PEM file, [serial] is the serial number and [URL] is the OCSP URL to be checked.
In order to check OCSP, you must input the following:
- OCSP URL - This is the URL where the OCSP check will be performed. By default, it is set to production URL for the majority of QuoVadis issued certificates.
- End Entity Certificate Serial Number - Paste in the serial number of the certificate that you wish to verify; without spaces or special characters.
Note: If the serial number is in Hexadecimal format, then it must start with
0x. If the serial number is in Decimal format, then you must remove the
- Issuing CA - Select the issuing CA that this certificate was issued out of. If the issuing CA is not listed, then you will need to add it manually through the Django admin interface. There is a ServiceDesk article on how to do this. Credentials should be in vault.
- Full Response - By default, this is unchecked which will return a short OCSP reponse. The short response is suitable for quick status checking. Check this option if you wisht to see the full OCSP response (which may assist in troubleshooting).
There are no special configurations for this tool.