What is local CRL and OCSP and how do you go clear cache on Microsoft Windows &+ or Apple OX X (10.6 or newer)?
Sometimes, an SSL provider (Certification Authority) will revoke a certain SSL certificate from the chain of trust, but the certificate will remain in local cache. This will produce error messages, like "Certificate Revoked" or similar.
Clearing the local CRL (Certificate Revocation List) and OCSP (Online Certificate Status Protocol) caches will force an operating system to fetch the new intermediate SSL certificate and restore the chain of trust when performing SSL handshake.
Clearing local CRL and OCSP cache on Microsoft Windows (7 or newer)
- Open the Command Prompt or PowerShell and type the following:
certutil -urlcache * delete
- To only delete the CRL cache:
certutil -urlcache crl delete
Clearing local CRL and OCSP cache on Apple OS X (10.6 or newer)
Open the Terminal.app application and type the following
sudo rm /var/db/crls/*cache.db
(You will be prompted to enter your administrator password)
Clearing local CRL and OCSP cache on Apple macOS Sierra (10.12)
Open the Terminal.app application and type the following:
sqlite3 ~/Library/Keychains/*/ocspcache.sqlite3 'DELETE FROM responses WHERE responderURI LIKE "%http://%.globalsign.com/%”;'