- The OCSP client searches its local cache for a time-valid OCSP response from a prior query
- The OCSP client sends an HTTP or HTTPS request to the OCSP responder for the certificate status, providing the serial number of the certificate of interest
- The OCSP responder replies with a signed response that includes the revocation status of the certificate, based on its cached knowledge from the CA-issued CRL
- The OCSP client validates the signature of the response before accepting and caching it
- A valid response is cached for the remaining duration of the OCSP responder's cached CRL
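
The steps above as a client-side cache, added here as an example and not taken from the original page. `OcspClient`, `OcspResponse`, `sign` and the `responder` callable are hypothetical names; the HTTP(S) exchange is replaced by a function call, and the responder's public-key signature by an HMAC over the response fields, so the block runs offline.

```python
import hashlib
import hmac
from dataclasses import dataclass

DEMO_KEY = b"constructed-demo-key"  # assumption: HMAC key stands in for the responder's signing key

@dataclass(frozen=True)
class OcspResponse:
    serial: int
    status: str        # "good", "revoked" or "unknown"
    this_update: int   # epoch seconds: start of validity
    next_update: int   # epoch seconds: end of validity (responder's cached CRL expires)
    signature: bytes

def _mac(key, serial, status, this_update, next_update):
    msg = f"{serial}|{status}|{this_update}|{next_update}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

def sign(serial, status, this_update, next_update, key=DEMO_KEY):
    """Responder side: build a signed response (constructed sample data)."""
    sig = _mac(key, serial, status, this_update, next_update)
    return OcspResponse(serial, status, this_update, next_update, sig)

class OcspClient:
    def __init__(self, responder, key=DEMO_KEY):
        self.responder = responder  # callable(serial) -> OcspResponse, replaces the HTTP(S) request
        self.key, self.cache, self.queries = key, {}, 0

    def status(self, serial, now):
        cached = self.cache.get(serial)
        if cached and cached.this_update <= now < cached.next_update:
            return cached.status                 # step 1: time-valid cached response
        self.cache.pop(serial, None)             # expired entries are dropped, never reused
        self.queries += 1
        r = self.responder(serial)               # steps 2-3: query by serial number
        good_sig = hmac.compare_digest(
            _mac(self.key, r.serial, r.status, r.this_update, r.next_update), r.signature)
        if not good_sig:                         # step 4: verify before accepting
            raise ValueError("OCSP response signature is invalid")
        if r.serial != serial or not (r.this_update <= now < r.next_update):
            raise ValueError("OCSP response is for another certificate or not time-valid")
        self.cache[serial] = r                   # step 5: cache until next_update
        return r.status

if __name__ == "__main__":
    client = OcspClient(lambda s: sign(s, "good", 1000, 2000))
    print(client.status(0x1234, 1500), client.status(0x1234, 1900), client.queries)
```

A response that fails the signature check is rejected before it reaches the cache, so a tampered status cannot be served from later cache hits.
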
Additional Learning
RFC 2560 – Online Certificate Status Protocol
RFC 5019 – Lightweight Online Certificate Status Protocol