Yesterday, I received a message from my customer. He told me that his users complained that they were not able to log-in to their system, which is protected by ForgeRock OpenAM.
The error on the Login Page showed "This certificate has been revoked".
I had my Systems Consultant take a look at the issue. There is this website that check the Revocation Lists (CRL) and the OCSP status of an (SSL) Certificate.
One has to only key in https://certificate.revocationcheck.com/xxx.xxxx.com and the result will be shown.
We can also use openssl command line to find out more.
In short, nothing wrong with OpenAM. The issue was routed to their Network team instead. False alarm.