OCSP Process

  • The OCSP client searches its local cache for a time-valid OCSP response from a prior query.
  • The OCSP client sends an HTTP or HTTPS request to the OCSP responder for the certificate's status, providing the serial number of the certificate of interest.
  • The OCSP responder replies with a signed response that includes the revocation status of the certificate, based on its cached knowledge from the CA-issued CRL.
  • The OCSP client validates the signature of the response before accepting and caching it.
  • The valid response is cached for the remaining duration of the OCSP responder's cached CRL.
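The five steps above as a small client-side model, added here as an illustration and not taken from the original page or from any OCSP library. It assumes a demo clock in seconds, constructed serial numbers, and an HMAC standing in for the responder's public-key signature so that it runs on the standard library alone; `OcspClient`, `responder` and `tampering_transport` are hypothetical names.

```python
import hashlib
import hmac

# Constructed sample data for the demo.
RESPONDER_KEY = b"constructed-demo-key"  # stand-in for the responder's signing key
CRL_REVOKED = {0x1002}                   # serials on the responder's cached CRL
CRL_NEXT_UPDATE = 1_000                  # CRL expiry on the demo clock (seconds)


def _sign(serial, status, next_update):
    # Assumption: HMAC replaces the real public-key signature over the response.
    msg = f"{serial}|{status}|{next_update}".encode()
    return hmac.new(RESPONDER_KEY, msg, hashlib.sha256).hexdigest()


def responder(serial):
    """Answer from the cached CRL; the response expires when the CRL does."""
    status = "revoked" if serial in CRL_REVOKED else "good"
    return {"serial": serial, "status": status, "next_update": CRL_NEXT_UPDATE,
            "sig": _sign(serial, status, CRL_NEXT_UPDATE)}


def tampering_transport(serial):
    """Constructed failure case: status flipped in transit, signature unchanged."""
    resp = responder(serial)
    resp["status"] = "good"
    return resp


class OcspClient:
    def __init__(self, transport=responder):
        self.transport = transport  # any callable: serial -> response dict
        self.cache = {}
        self.queries = 0

    def status(self, serial, now):
        cached = self.cache.get(serial)
        if cached and now < cached["next_update"]:  # step 1: time-valid cache hit
            return cached["status"]
        self.queries += 1
        resp = self.transport(serial)               # steps 2-3: query the responder
        expected = _sign(resp["serial"], resp["status"], resp["next_update"])
        if resp["serial"] != serial or not hmac.compare_digest(resp["sig"], expected):
            raise ValueError("invalid OCSP response signature; not cached")  # step 4
        if now >= resp["next_update"]:
            raise ValueError("OCSP response is no longer time-valid")
        self.cache[serial] = resp                   # step 5: cache until CRL expiry
        return resp["status"]
```

A real client verifies the signature with the responder's public key rather than a shared secret; the ordering shown here (verify first, cache second, expire with the CRL) is the part that carries over.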
Additional Learning

RFC 2560 – Online Certificate Status Protocol

RFC 5019 – Lightweight Online Certificate Status Protocol
