Sometimes, a SSL provider (Certification Authority) will revoke a certain SSL certificate from the chain of trust, but the certificate will remain in local cache. This will produce error messages, like "Certificate Revoked" or something similar.
When this occurs, clearing the local CLR (Certificate Revocation List) and OCSP (Online Certificate Status Protocol) caches will force an operating system to fetch the new intermediate SSL certificate and restore the chain of trust when performing SSL handshake.
Clearing local CLR and OCSP cache on Microsoft Windows (7 or newer)
- Open the Command Prompt or PowerShell and type the following:
certutil -urlcache * delete
- To only delete delete the CRL cache:
certutil -urlcache crl delete
Clearing local CLR and OCSP cache on Apple OS X (10.6 or newer)
Open the Terminal.app application and type the following
sudo rm /var/db/crls/*cache.db
(You will be prompted to enter your administrator password)ud
Clearing local CLR and OCSP cache on Apple macOS Sierra (10.12)
Open the Terminal.app application and type the following:
sqlite3 ~/Library/Keychains/*/ocspcache.sqlite3 'DELETE FROM responses WHERE responderURI LIKE "%http://%.globalsign.com/%”;'