What Is OCSP (Online Certificate Status Protocol)

Q

What is OCSP (Online Certificate Status Protocol)?

✍: FYIcenter.com

A

OCSP (Online Certificate Status Protocol) is an Internet protocol that allows client systems to communicate with the CA (Certificate Authority) of an X.509 digital certificate to verify the status of the certificate.

When a client system receives an X.509 digital certificate from a server, the client system should first make sure the certificate has not been revoked by the CA.

This can be done by sending an OCSP request to CA's OCSP server. The request contains the certificate's identification. The CA's OCSP server will return the current revocation status of the certificate. If the status says revoked, the certificate should be rejected.

Here is a diagram showing how a client system receives a server certificate and verifies its status using OCSP (source: venafi.com).
Certificate Status Check using OCSP

⇒ Find OCSP Server URL of Certificate CA

⇐ OCSP (Online Certificate Status Protocol)

⇑ OCSP (Online Certificate Status Protocol)

⇑⇑ Revoked Certificates - CRL and OCSP

2016-08-16, 3634👍, 0💬

What Is OCSP (Online Certificate Status Protocol)
What is OCSP (Online Certificate Status Protocol)? OCSP (Online Certificate Status Protocol) is an Internet protocol that allows client systems to communicate with the CA (Certificate Authority) of an X.509 digital certificate to verify the status of the certificate. When a client system receives an... 2016-08-16, 3635👍, 0💬

Open and View CRL File
How to open and view a CRL (Certificate Revocation List) file? I just downloaded a CRL from the certificate's CA Website. If you want to open and view the list of revoked certificates in CRL (Certificate Revocation List) file you can follow this tutorial. 1. Open the certificate by double-click the ... 2019-07-19, 2915👍, 0💬

Find OCSP Server URL of Certificate CA
How to find the OCSP server URL of certificate's CA? I want to check the status of a certificate using OCSP. If you want to find the OCSP server URL of certificate's CA to check the status of an X.509 certificate, you can follow this tutorial. 1. Open the certificate by double-click the certificate ... 2016-08-16, 2357👍, 0💬

8gwifi.org OCSP Test Tool
What is 8gwifi.org OCSP test tool? 8gwifi.org OCSP test tool is an online tool that allows to check the status of a certificate with certificate CA's OCSP server. You can follow these steps to try 8gwifi.org OCSP test tool: 1. Go to https://8gwifi.org/ocsp.jsp. 2. Copy and paste the following certif... 2016-08-13, 2355👍, 0💬

CRL File Format and Fields
What is the format of a (Certificate Revocation List) CRL file? I just downloaded a CRL from the certificate's CA Website. The format of a CRL (Certificate Revocation List) file is specified in the X.509 v2 standard, which can be summarized below. A CRL file is consists of two main parts: 1. CA Info... 2019-07-19, 2076👍, 0💬

DigiNotar Fraudulent Certificates
What are DigiNotar Fraudulent Certificates? DigiNotar Fraudulent Certificate refer to the wildcard certificate for Google by DigiNotar root CA by an attacker in 2011. On July 10, 2011, the attacker first hacked into DigiNotar's CA systems and issued a wildcard certificate for Google. This certificat... 2016-08-13, 2036👍, 0💬

Other Examples of Revoked Certificates
What are Other Examples of Revoked Certificates? Here are some other Examples of revoked certificates: MCSHOLDING TEST Certificate - 44A489AB145F3D6F203CAA7CFA19AE F4486005B5Digisign Server ID - (Enrich) Certificate - 4C4ECC2528032981 Digisign Server ID (Enrich) Certificate - C616934E1617EC16AE8C947... 2016-08-13, 1790👍, 0💬

Examples of Revoked Certificates
Where to find examples of revoked certificates? Here are examples of revoked certificates compiled by FYIcenter.com team. DigiNotar Fraudulent Certificates "Hosted by GTI Group Corporation" Certificates Other Examples of Revoked Certificates ⇒ DigiNotar Fraudulent Certificates ⇐ Certificate Revoc... 2019-07-19, 1722👍, 0💬

"Hosted by GTI Group Corporation" Certificates
What are "Hosted by GTI Group Corporation" Certificates? "Hosted by GTI Group Corporation" Certificates are some revoked certificates that have "Hosted by GTI Group Corporation" in the OU field: addons.mozilla.org Certificate - DD80D2543DF74C70CAA3B0DD347A32 E4E83B5A3Bglobal trustee Certificate - B7... 2016-08-13, 1704👍, 0💬

All rights in the contents of this web site are reserved by the individual author. fyicenter.com does not guarantee the truthfulness, accuracy, or reliability of any contents.