How to Verify in Wireshark if OCSP Responder has returned the Status of a Certificate as Revoked


Article ID: CTX205397


Description

This Knowledge Article explains how to analyze a packet trace collected between NetScaler and the OCSP server and how to find the OCSP server's response to the validation test that NetScaler performs to check the validity of certificates.
 

 

Instructions

 In the packet capture here, we can see one OCSP request from NetScaler to the OCSP server and one response to it.

 In the response, expand OCSP Header >> responseBytes >> BasicOCSPResponse >> tbsResponseData >> responses >> SingleResponse >> certStatus. The certStatus reported here is "revoked".

 As per RFC 2560, the response to a query can be any one of the following three:
 
  • good
  • revoked
  • unknown

 The following details are available if the answer to the query is "revoked":

 1) revocationTime: The time when this certificate was revoked for the first time.
 2) thisUpdate: The time at which the status being indicated is known to be correct.
 3) nextUpdate: The time at or before which newer information will be available about the status of the certificate.
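
 The same path that is expanded in Wireshark can be walked in code. The following is an added example, not part of the original article or of any Citrix tooling: a minimal DER walker that descends responseBytes >> BasicOCSPResponse >> tbsResponseData >> responses >> SingleResponse and reports certStatus with the three time fields. The function names (`enc`, `kids`, `single_responses`, `sample`) are hypothetical, the sample response is constructed, and the responder's signature is not verified.

```python
STATUS = {0x80: "good", 0xA1: "revoked", 0x82: "unknown"}  # CertStatus CHOICE tags

def enc(tag, body=b""):  # DER-encode one TLV; only used to build the constructed sample
    n = len(body)
    k = (n.bit_length() + 7) // 8
    length = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + length + body

def kids(buf):
    """Split the content of a constructed DER value into (tag, value) pairs."""
    out, i = [], 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:  # long form: low 7 bits give the number of length bytes
            k = n & 0x7F
            n, i = int.from_bytes(buf[i:i + k], "big"), i + k
        if i + n > len(buf):
            raise ValueError("truncated DER")
        out.append((tag, buf[i:i + n]))
        i += n
    return out

def single_responses(der):
    """Return one dict per SingleResponse; the signature is not verified."""
    fields = kids(kids(der)[0][1])                  # responseStatus, [0] responseBytes
    if len(fields) < 2:                             # error status: no responseBytes
        return []
    octets = kids(kids(fields[1][1])[0][1])[1][1]   # OCTET STRING holding BasicOCSPResponse
    tbs = kids(kids(octets)[0][1])[0][1]            # tbsResponseData
    responses = next(v for t, v in kids(tbs) if t == 0x30)  # first SEQUENCE child
    rows = []
    for _, single in kids(responses):
        f = kids(single)                            # certID, certStatus, thisUpdate, [0] nextUpdate
        row = {"certStatus": STATUS[f[1][0]], "thisUpdate": f[2][1].decode()}
        if f[1][0] == 0xA1:                         # RevokedInfo begins with revocationTime
            row["revocationTime"] = kids(f[1][1])[0][1].decode()
        row.update({"nextUpdate": kids(v)[0][1].decode() for t, v in f[3:] if t == 0xA0})
        rows.append(row)
    return rows

def sample(status_tlv):
    """Constructed response: hashes, serial, times and signature are made up."""
    gt = lambda s: enc(0x18, s.encode())
    alg = enc(0x30, enc(0x06, b"\x2b\x0e\x03\x02\x1a") + enc(0x05))
    cert_id = enc(0x30, alg + enc(0x04, b"\x11" * 20) + enc(0x04, b"\x22" * 20) + enc(0x02, b"\x01"))
    single = enc(0x30, cert_id + status_tlv + gt("20160102000000Z") + enc(0xA0, gt("20160109000000Z")))
    tbs = enc(0x30, enc(0xA2, enc(0x04, b"\x33" * 20)) + gt("20160102000000Z") + enc(0x30, single))
    basic = enc(0x04, enc(0x30, tbs + alg + enc(0x03, b"\x00" * 9)))
    return enc(0x30, enc(0x0A, b"\x00") + enc(0xA0, enc(0x30, enc(0x06, b"\x2b\x06\x01\x05\x05\x07\x30\x01\x01") + basic)))
```

 The input to `single_responses` is the DER-encoded body of the HTTP response that carries the OCSP reply. Calling it on `sample(enc(0xA1, enc(0x18, b"20160101120000Z")))` yields a "revoked" row with revocationTime, thisUpdate and nextUpdate.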


 
 

Additional Information

 
https://docs.citrix.com/en-us/netscaler/10-5/ns-tmg-wrapper-10-con/ns-ssl-wrapper-con-10/ns-ssl-monitor-cert-status-with-ocsp-con.html