OCSP (Online Certificate Status Protocol)
What is OCSP (Online Certificate Status Protocol)?
OCSP (Online Certificate Status Protocol): An HTTP-based protocol that lets a client query a CA's responder in real time to determine whether a specific X.509 certificate is valid, revoked or unknown.
OCSP, defined in RFC 6960, replaces large, slowly refreshed CRLs with a real-time lookup. The client sends a signed request containing the serial number of the certificate to the OCSP responder URL listed in the certificate's Authority Information Access extension. The responder returns a signed status (good, revoked, or unknown), and the relying party trusts the result if it can validate the responder's signature. OCSP stapling lets the TLS server fetch and cache the response itself and present it during the handshake, removing the privacy and performance issues of clients querying CAs directly. Combined with must-staple, OCSP makes revocation reliably enforceable in TLS.
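The relying-party decision described above, as an added example that is not part of the original entry: a simplified Python model that takes already-parsed response fields and decides whether to accept the handshake, including the missing-staple case that must-staple closes. The names OcspResponse, evaluate and sample, the five-minute clock-skew allowance, and the signature_ok flag (standing in for signature validation done by an X.509 library) are assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass
class OcspResponse:
    """Already-parsed fields of one OCSP response (simplified model)."""
    serial: int            # serial number the responder answered for
    status: str            # "good", "revoked" or "unknown"
    this_update: datetime  # thisUpdate: when this status was known correct
    next_update: datetime  # nextUpdate: when newer status will be available
    signature_ok: bool     # assumption: outcome of responder signature check

def evaluate(cert_serial: int, must_staple: bool, staple: Optional[OcspResponse],
             now: datetime, skew: timedelta = timedelta(minutes=5)) -> tuple[bool, str]:
    """Return (accept, reason) for a handshake, as a relying party would."""
    if staple is None:
        # Without must-staple, a missing response looks the same as a server
        # that never staples, so a soft-fail client accepts the certificate.
        if must_staple:
            return False, "must-staple certificate presented without a staple"
        return True, "no staple, soft-fail"
    if not staple.signature_ok:
        return False, "responder signature did not validate"
    if staple.serial != cert_serial:
        return False, "response is for a different certificate"
    if not (staple.this_update - skew <= now <= staple.next_update + skew):
        return False, "response outside its thisUpdate/nextUpdate window"
    if staple.status != "good":
        return False, f"certificate status is {staple.status}"
    return True, "good"

# Constructed sample data (not taken from a real CA or certificate).
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
SERIAL = 0x1A2B3C

def sample(status="good", age_days=1, valid_days=7, sig=True, serial=SERIAL):
    """Build a constructed response issued age_days ago, valid for valid_days."""
    start = NOW - timedelta(days=age_days)
    return OcspResponse(serial, status, start, start + timedelta(days=valid_days), sig)

if __name__ == "__main__":
    for label, ms, st in [("stripped, no must-staple", False, None),
                          ("stripped, must-staple", True, None),
                          ("revoked staple", True, sample("revoked")),
                          ("stale staple", True, sample(age_days=10))]:
        print(label, "->", evaluate(SERIAL, ms, st, NOW))
```

The first two cases differ only in the must-staple flag: the same stripped response is accepted without it and rejected with it.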
● Examples
- 01: A browser issuing an OCSP request to verify the certificate of an online banking site.
- 02: An HTTPS server with OCSP stapling enabled to deliver a fresh signed status during each TLS handshake.
● Frequently asked questions
What is OCSP (Online Certificate Status Protocol)?
An HTTP-based protocol that lets a client query a CA's responder in real time to determine whether a specific X.509 certificate is valid, revoked or unknown. It belongs to the Network Security category of cybersecurity.
How do you defend against OCSP (Online Certificate Status Protocol)?
Defences for OCSP (Online Certificate Status Protocol) typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for OCSP (Online Certificate Status Protocol)?
Common alternative names include: Online Certificate Status Protocol, OCSP stapling.