OCSP test requests
OCSP test requests
| Method | Path | Description |
|---|---|---|
| POST | /v1/ocsp/test |
Test OCSP |
Test OCSP
POST /v1/ocsp/test
Queries the OCSP server for the proxy certificate’s latest status and returns the response as JSON. It caches the response if the OCSP feature is enabled.
Required permissions
| Permission name |
|---|
| test_ocsp_status |
Request
Example HTTP request
POST /ocsp/test
Request headers
| Key | Value | Description |
|---|---|---|
| Host | cnm.cluster.fqdn | Domain name |
| Accept | application/json | Accepted media type |
Response
Returns an OCSP status object.
Example JSON body
{
"responder_url": "http://responder.ocsp.url.com",
"cert_status": "REVOKED",
"produced_at": "Wed, 22 Dec 2021 12:50:11 GMT",
"this_update": "Wed, 22 Dec 2021 12:50:11 GMT",
"next_update": "Wed, 22 Dec 2021 14:50:00 GMT",
"revocation_time": "Wed, 22 Dec 2021 12:50:04 GMT"
}
Error codes
When errors occur, the server returns a JSON object with error_code and message fields that provide additional information. The following are possible error_code values:
| Code | Description |
|---|---|
| no_responder_url | Tried to test OCSP status with no responder URL configured |
| ocsp_unsupported_by_capability | Not all nodes support OCSP capability |
| task_queued_for_too_long | OCSP polling task was in status “queued” for over 5 seconds |
| invalid_ocsp_response | The server returned a response that is not compatible with OCSP |
Status codes
| Code | Description |
|---|---|
| 200 OK | Success querying the OCSP server |
| 406 Not Acceptable | Feature is not supported in all nodes |
| 500 Internal Server Error | responder_url is not configured or polling task failed |