Menu

Delete CRL and OCSP Cache

Feb 17, 2025

Windows

By default, Windows caches Certificate Revocation Lists (CRL) and CA certificates to quickly verify certificate chains. The downside of this behavior is that the client does not pick up a newer CRL until the locally cached CRL has expired. To delete OCSP and/or CRL cache from your Windows system:

  1. Go to Start Menu > Run.
  2. Type cmd and press Enter.
  3. Enter the following command and press Enter to execute:
    certutil -urlcache * delete

Mac OS X

Note: After clearing the cache, you need to restart your computer for the changes to take effect. 

OS X (through 10.11)

  1. To delete both OCSP and CRL cache, in a terminal, enter the following command:
    sudo rm /var/db/crls/*cache.db
     

    That will remove the following files:
    /var/db/crls/crlcache.db
    /var/db/crls/ocspcache.db

OS X 10.12 Sierra

  1. To delete both OCSP and CRL cache in OS X 10.12, open a terminal and run the following command:
    sqlite3 ~/Library/Keychains/*/ocspcache.sqlite3 'DELETE FROM ocsp;'

Related Articles

DomainSSL Overview

Feb 28, 2020, 7:27 AM

An Overview of DomainSSL As one of the most popular SSL Certificates on the web, DomainSSL is one of the fastest and most affordable ways to activate strong SSL protection for your website. DomainSSL is fully automated which means you'll be able to start protecting your ecommerce, logins, webmail and more in just a few minutes, 24/7. keywords: domain ssl overview, domain ssl certificates, dv ssl certificates, dvssl, dv, ssl, domain overview

Read More

OrganizationSSL Overview

Mar 2, 2020, 7:38 AM

High assurance OrganizationSSL Certificates provide instant identity confirmation and strong SSL protection for your website. Your customers see that GlobalSign has authenticated your identity - strengthening their trust that they're doing business with the right people.

Read More

How to add DNS CAA record in a hosted DNS

Mar 8, 2020, 3:46 PM

This article will provide the guidelines in adding a Certification Authority Authorization (CAA) record in a hosted DNS. If this is not the solution you are looking for, please search for your solution in the search bar above. Note: If you have any issues or questions whether CAA is supported with your setup, contact your DNS manager for further details.

Read More

GlobalSign System Alerts

View recent system alerts.

View Alerts

Atlas Discovery

Scan your endpoints to locate all of your Certificates.

Sign Up

SSL Configuration Test

Check your certificate installation for SSL issues and vulnerabilities.

Contact Support