OCSP - Online Certificate Status Protocol


RFC 6960

Internet protocol used for obtaining the revocation status of an X.509 digital certificate.

* Since an OCSP response contains less information than a typical certificate revocation list (CRL), it puts less burden on network and client resources.




Server -- signed, successful 'OCSP response'  --> Client

An OCSP responder (a server typically run by the certificate issuer) may return a signed response signifying that the certificate specified in the request is 'good', 'revoked', or 'unknown'. If it cannot process the request, it may return an error code.

OCSP can be vulnerable to replay attacks, where a signed, 'good' response is captured by a malicious intermediary and replayed to the client at a later date after the subject certificate may have been revoked.

OCSP can support more than one level of CA. OCSP requests may be chained between peer responders to query the issuing CA appropriate for the subject certificate, with responders validating each other's responses against the root CA using their own OCSP requests.

The key that signs a response need not be the same key that signed the certificate. The certificate's issuer may delegate another authority to be the OCSP responder.
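The replay concern and the responder-key point above, as an added example that is not part of RFC 6960 or these notes: a constructed toy CA ("Toy CA", leaf "www.example.test") answers a nonce-bearing OCSP request, and the client-side check rejects a replayed or stale response. It assumes the third-party `cryptography` package is installed; the CA signs its own responses here, although a delegated responder key would be checked the same way.

```python
# Added example (not from RFC 6960 or the notes above): toy CA + leaf, an OCSP
# request with a nonce, a signed response, and the relying-party checks that
# defeat replay of an old 'good' answer. Assumes `pip install cryptography`.
import datetime, os
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509 import ocsp
from cryptography.x509.oid import NameOID

HOUR = datetime.timedelta(hours=1)
_now = lambda: datetime.datetime.now(datetime.timezone.utc).replace(tzinfo=None)  # naive UTC

def _cert(cn, issuer_name, pub, signer_key, serial):  # minimal X.509 cert for the toy PKI
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    return (x509.CertificateBuilder().subject_name(name).issuer_name(issuer_name or name)
            .public_key(pub).serial_number(serial).not_valid_before(_now())
            .not_valid_after(_now() + 24 * HOUR).sign(signer_key, hashes.SHA256()))

def make_pki():  # constructed toy PKI; the CA signs its own OCSP responses (it could delegate)
    ca_key, leaf_key = (rsa.generate_private_key(65537, 2048) for _ in range(2))
    ca = _cert("Toy CA", None, ca_key.public_key(), ca_key, 1)
    return ca_key, ca, _cert("www.example.test", ca.subject, leaf_key.public_key(), ca_key, 4242)

def build_request(leaf, ca):  # client: ask about `leaf`, binding the answer to a fresh nonce
    nonce = os.urandom(16)
    req = (ocsp.OCSPRequestBuilder().add_certificate(leaf, ca, hashes.SHA256())
           .add_extension(x509.OCSPNonce(nonce), critical=False).build())
    return req, nonce

def respond(ca_key, ca, leaf, req, revoked=False, age_hours=0):  # responder; age_hours backdates
    t = _now() - age_hours * HOUR  # an old `t` simulates a captured response replayed later
    status = ocsp.OCSPCertStatus.REVOKED if revoked else ocsp.OCSPCertStatus.GOOD
    nonce = req.extensions.get_extension_for_class(x509.OCSPNonce).value  # echo client's nonce
    return (ocsp.OCSPResponseBuilder()
            .add_response(leaf, ca, hashes.SHA256(), status, t, t + HOUR, t if revoked else None, None)
            .responder_id(ocsp.OCSPResponderEncoding.HASH, ca)
            .add_extension(nonce, critical=False).sign(ca_key, hashes.SHA256()))

def client_accepts(resp, leaf, trusted_responder, expected_nonce):  # relying-party checks
    try:  # signature must verify under a key already trusted to speak for this issuer
        trusted_responder.public_key().verify(resp.signature, resp.tbs_response_bytes,
                                              padding.PKCS1v15(), resp.signature_hash_algorithm)
    except InvalidSignature:
        return False, "bad signature"
    if resp.serial_number != leaf.serial_number:
        return False, "response describes a different certificate"
    if resp.extensions.get_extension_for_class(x509.OCSPNonce).value.nonce != expected_nonce:
        return False, "nonce mismatch: possible replay of an old response"
    if not (resp.this_update <= _now() < resp.next_update):
        return False, "outside the thisUpdate/nextUpdate window: stale or not yet valid"
    return resp.certificate_status == ocsp.OCSPCertStatus.GOOD, resp.certificate_status.name
```

A stapled response carries no client nonce, so for stapling only the signature, serial and thisUpdate/nextUpdate checks apply, which is why the validity window must be kept short.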

Privacy concerns

OCSP checking creates a privacy concern for some users, since it requires the client to contact a third party.

OCSP stapling

OCSP stapling, formally known as the TLS Certificate Status Request extension, is an alternative approach to the Online Certificate Status Protocol (OCSP) for checking the revocation status of X.509 digital certificates.

In a stapling scenario, the certificate holder queries the OCSP server themselves at regular intervals, obtaining a signed time-stamped OCSP response. When the site's visitors attempt to connect to the site, this response is included ("stapled") with the TLS/SSL Handshake via the Certificate Status Request extension response (note: the TLS client must explicitly include a Certificate Status Request extension in its ClientHello TLS/SSL handshake message).

Server side:

Apache HTTP Server supports OCSP stapling since version 2.3.3.

On the browser side:

OCSP stapling was implemented in Firefox 26,[5][16] in Internet Explorer since Windows Vista,

* OCSP stapling supports only one OCSP response at a time, which is insufficient for certificate chains with intermediate CA certs. (This limitation has been addressed by the Multiple Certificate Status Request extension.)
