What is OCSP (Online Certificate Status Protocol)?
29 Sep 2023

What Does OCSP Mean?

OCSP stands for “Online Certificate Status Protocol.” As its name suggests, it’s a protocol specifically designed to check the revocation status of individual digital certificates. The primary role of OCSP is to determine if a certificate is still trustworthy and hasn’t been compromised.

How Does OCSP Work?

To understand OCSP’s process, let’s dive into a simplified step-by-step breakdown:

1) Client’s Request: The process begins when a client (like your web browser) questions the validity of a specific certificate. It sends a request to an OCSP responder asking about the status of that certificate.

2) OCSP Responder’s Role: The OCSP responder is not just a vague digital entity; it’s a specific server maintained by the CA. When it receives a request, it checks the status of the certificate in question against its records.

3) Status Response: Once the check is complete, the OCSP responder doesn’t keep the client waiting. It promptly sends back a response, which will indicate one of three statuses:

  - Good: The certificate is valid and hasn’t been revoked.

  - Revoked: The certificate has been deemed untrustworthy and has been revoked.

  - Unknown: The responder couldn’t determine the certificate's status. This could be due to several reasons, but it essentially means the responder doesn't have updated information on that certificate.
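How a client might act on the three statuses above, as an added example that is not part of the original article. It goes one step beyond the text by also checking the response's thisUpdate/nextUpdate freshness window and the case where no response arrives. The names `OcspAnswer`, `evaluate`, `SKEW` and `hard_fail` are hypothetical, and the response is assumed to have passed signature verification already.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional, Tuple

SKEW = timedelta(minutes=5)  # assumed tolerance for clock drift


@dataclass
class OcspAnswer:
    """Fields read from a response whose signature was already verified."""
    status: str                      # "good", "revoked" or "unknown"
    this_update: datetime            # time at which the status was known correct
    next_update: Optional[datetime]  # time by which newer information is due


def evaluate(answer: Optional[OcspAnswer], now: datetime,
             hard_fail: bool = True) -> Tuple[bool, str]:
    """Return (accept_certificate, reason) for one OCSP lookup."""
    if answer is None:
        # Responder unreachable, or the response failed validation.
        if hard_fail:
            return False, "no usable response (hard-fail)"
        return True, "no usable response (soft-fail, revocation unchecked)"
    if answer.status == "revoked":
        return False, "revoked"
    if answer.status != "good":
        # "unknown" means the responder has no record; it is not a pass.
        return False, "status " + answer.status
    if answer.this_update > now + SKEW:
        return False, "thisUpdate is in the future"
    if answer.next_update is None:
        # Assumed policy: require a nextUpdate so freshness can be bounded.
        return False, "good but no nextUpdate to bound freshness"
    if now > answer.next_update + SKEW:
        return False, "good but stale (possible replay)"
    return True, "good and fresh"


NOW = datetime(2023, 9, 29, 12, 0, tzinfo=timezone.utc)  # constructed clock
SAMPLES = {  # constructed responses, not captured traffic
    "fresh": OcspAnswer("good", NOW - timedelta(hours=1), NOW + timedelta(days=3)),
    "stale": OcspAnswer("good", NOW - timedelta(days=10), NOW - timedelta(days=3)),
    "revoked": OcspAnswer("revoked", NOW - timedelta(hours=1), NOW + timedelta(days=3)),
    "unknown": OcspAnswer("unknown", NOW - timedelta(hours=1), NOW + timedelta(days=3)),
    "timeout": None,
}

if __name__ == "__main__":
    for name, answer in SAMPLES.items():
        print(name, evaluate(answer, NOW))
```

With `hard_fail=False` the timeout case is accepted without any revocation check, which is the trade-off a soft-fail client makes for availability.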

Should My Organization Use OCSP?

OCSP plays a vital role in the digital world by letting clients confirm that a digital certificate has not been revoked before they trust it. Its efficiency, speed, and specificity make it a preferred method for Certificate Authorities with a large issuance footprint; however, for most PKI deployments, a CRL alone is good enough. Check out our blog on the difference between CRLs and OCSP for more information on what makes each stand out. So, the next time you’re browsing securely, know that behind the scenes, protocols like OCSP are working diligently to keep your data and identity safe.
