Troubleshooting

For more information to troubleshoot some common problems that can occur while executing CLM actions, refer to the CERT Troubleshooting Guide.

Troubleshooting OCSP Request with OpenSSL

Follow these steps to test the OCSP service via CC URL: http://{CCURL}:{Scep port}/ocsp:

  1. Download the immediate issuer and end certificates from the AppViewX UI with the following names:
    • PKIaaS_Actions_Private_CA_SubOrdinate - issuer.crt
    • dev22.avx.plus - cert.crt
  2. Configure openSSL in the end device.
  3. Trigger the following OpenSSL command with issuer.crt and cert.crt:
    openssl ocsp -issuer issuer.crt -cert cert.crt -text -url http://pe-pltf-node66.lab.appviewx.net:30022/ocsp -noverify
    If the certificate is revoked, the revoke status will be received in the OCSP response as shown:
  4. Once the CC URL is accessible from OCSP, test the same with CC’s load balancer.