Method Path Description
POST /v1/ocsp/test Test OCSP

Test OCSP

POST /v1/ocsp/test

Queries the OCSP server for the proxy certificate’s latest status and returns the response as JSON. It caches the response if the OCSP feature is enabled.

Required permissions

Permission name
test_ocsp_status

Request

Example HTTP request

POST /ocsp/test 

Request headers

Key Value Description
Host cnm.cluster.fqdn Domain name
Accept application/json Accepted media type

Response

Returns an OCSP status object.

Example JSON body

{
    "responder_url": "http://responder.ocsp.url.com",
    "cert_status": "REVOKED",
    "produced_at": "Wed, 22 Dec 2021 12:50:11 GMT",
    "this_update": "Wed, 22 Dec 2021 12:50:11 GMT",
    "next_update": "Wed, 22 Dec 2021 14:50:00 GMT",
    "revocation_time": "Wed, 22 Dec 2021 12:50:04 GMT"
}

Error codes

When errors occur, the server returns a JSON object with error_code and message fields that provide additional information. The following are possible error_code values:

Code Description
no_responder_url Tried to test OCSP status with no responder URL configured
ocsp_unsupported_by_capability Not all nodes support OCSP capability
task_queued_for_too_long OCSP polling task was in status “queued” for over 5 seconds
invalid_ocsp_response The server returned a response that is not compatible with OCSP

Status codes

Code Description
200 OK Success querying the OCSP server
406 Not Acceptable Feature is not supported in all nodes
500 Internal Server Error responder_url is not configured or polling task failed