Using the Certutil Utility to Check Cached CRL and OCSP Responses
With the Certutil utility, you can view and manipulate certificate revocation list (CRL) and Online Certificate Status Protocol (OCSP) responses that are cached on a system's hard disk.
February 6, 2014
Q: Where can I find the certificate revocation list (CRL) and Online Certificate Status Protocol (OCSP) responses that are cached on my system's hard disk? How can I easily view and manipulate the content of a user's disk cache?
A: The user-specific CRL cache on a system's hard disk can be found in every user's profile folder underneath the %APPDATA%MicrosoftCryptnetUrlCache folder. For the Windows System user profile, the CRL disk cache can be found in %WINDIR%System32configSystemProfileApplication DataMicrosoftCryptnetUrlCache. (If you're unfamiliar with these CRL caches, see "Understanding the Caching Mechanisms Used During Certificate Validation.")
To view and manipulate the content of the user-specific CRL cache on disk, you can use the Certutil command-line utility. Specifically, you need to use the certutil command with the -urlcache switch. For example, to display the content of your user account's CRL disk cache, you run the command:
certutil -urlcache CRL
To display the content of the OCSP disk cache, you use the command:
certutil -urlcache OCSP
To remove a CRL named from the disk cache (where CRLFILE will have a *.crl file extension), you run the command:
certutil -urlcache delete
To remove all CRLs from the disk cache, you use the command:
certutil -urlcache CRL delete
To remove all OCSP responses from the disk cache, you run the command:
certutil -urlcache OCSP delete
Note that Certutil can only look at the cache content of the user account with which you logged on. If you want to look at the cache content of another user account, you must use the runas command or log on to Windows using that account.
About the Author(s)
You May Also Like