Certutil and OCSP validation
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 20%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJC%3C/text%3E%3C/svg%3E)
Josibeth Cedeño
0
Reputation points
Hi, I have an OCSP responder running and I am trying to verify the status of the certificates with the certutil tool, however we have cases where the response is correct and then the response expires. Or if we consult the same certificate from one computer it indicates verified but if we consult from another computer it responds incorrect. Could you help me with this? Is "certutil" a 100% reliable service? Why is it that when I consult it responds with expired and after several queries it responds with the correct status of the certificate? The response from my OCSP responder is the same for all cases and I can see that the correct status of the certificate is included in the response. I already verified that the nextUpdate field is included in the response, however I still have this intermittency between correct and incorrect answers.
Windows for business | Windows Server | Devices and deployment | Configure application groups
Sign in to answer