Online Certificate Status Protocol (OCSP)
Introduction


OCSP defines a mechanism for online certificate status checking, in which a certificate recipient contacts a server (called an OCSP responder) each time it needs to check a certificate's status. OCSP is one of a broader class of approaches that call for a recipient of a message to check some server to ascertain certificate status.

In its pure form, this type of approach has the advantage of providing access to the most up-to-date certificate status information. However, it is cumbersome from a communications standpoint, because every secure communication involving n certificates requires n additional network connections to ascertain the status of those certificates. Thus, OCSP is expected to be the most appropriate protocol for high-security applications requiring the most up-to-date certificate status information.

For more detailed information on OCSP, see RFC 2560:

http://www.ietf.org/html.charters/pkix-charter.html
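
Each status check described above ends with the responder returning an OCSPResponse, whose outer responseStatus says whether the query was answered at all. The following is an added example, not part of the original page or ValiCert's code, and it goes beyond the text into the RFC 2560 wire format: it decodes that status with a small DER reader and fails closed on anything but a usable answer. The function names and the sample byte strings are constructed for illustration.

```python
# OCSPResponseStatus values defined in RFC 2560 (4 is not used).
RESPONSE_STATUS = {0: "successful", 1: "malformedRequest", 2: "internalError",
                   3: "tryLater", 5: "sigRequired", 6: "unauthorized"}

def read_tlv(buf, pos=0):
    """Return (tag, value_bytes, next_pos) for the DER TLV starting at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long-form length, up to 4 octets here
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def parse_ocsp_response(der):
    """Return (status_name, response_bytes_or_None) for a DER OCSPResponse."""
    tag, body, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    tag, value, pos = read_tlv(body)
    if tag != 0x0A or len(value) != 1 or value[0] not in RESPONSE_STATUS:
        raise ValueError("bad responseStatus")
    response_bytes = None
    if pos < len(body):                   # optional [0] EXPLICIT responseBytes
        tag, response_bytes, pos = read_tlv(body, pos)
        if tag != 0xA0 or pos != len(body):
            raise ValueError("unexpected data after responseStatus")
    return RESPONSE_STATUS[value[0]], response_bytes

def may_proceed(der):
    """Fail closed: errors, parse failures and empty answers mean 'status unknown'."""
    try:
        status, response_bytes = parse_ocsp_response(der)
    except ValueError:
        return False
    return status == "successful" and response_bytes is not None

# Constructed samples: a tryLater error, and a successful response whose
# responseBytes is an empty placeholder SEQUENCE (not a real signed answer).
SAMPLE_TRY_LATER = bytes.fromhex("30030a0103")
SAMPLE_SUCCESS = bytes.fromhex("30070a0100a0023000")
```

A response that passes may_proceed has only cleared the outer envelope; the signed response inside responseBytes still has to be verified and its per-certificate status read before the certificate is trusted.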



ValiCert, Inc.
http://www.valicert.com
Voice: +1.650.567.5469
Fax: +1.650.254.2148
support@valicert.com