Verify CRL and OCSP of a certificate

One way to verify the revocation status of a certificate is to use the certutil command.

Export a certificate from store in DER format. Save it to i.e C:\Temp\Cert.der
Open a command promt and type.

certutil -url C:\Temp\Cert.der

The URL Retrival Tool will open. From here you can verify:

Certs (from AIA)
CRLs (from CDP)
OCSP (from AIA)

URL Ret Tool


Another way command line

Certutil -verify -urlfetch C:\Temp\Cert.der



This entry was posted in Certificate Services and tagged , , , . Bookmark the permalink.