OCSP Service

Online Certificate Status Protocol: Verification at source


The OCSP service determines the validity status of a certificate by consulting the trusted servers (OCSP Responders) of the Validation Authority.

When you query the service URL, you receive digital evidence, signed by ANF AC, of the validity of a certificate at a given time. ANF AC also stores a copy of each response generated.

The repositories that the OCSP Responder servers access are constantly updated and comply with IETF document RFC 6960 ("Online Certificate Status Protocol Algorithm Agility").

The URL of the OCSP service is listed in the certificate being checked.

There are multiple libraries for different programming languages; the most common are:

For example, a query performed through OpenSSL would have the following syntax:

openssl ocsp -CAfile <CAfile> -issuer <issuer> -cert <cert> -url <url>

The url value must be the one indicated in the "Authority Information Access" field of the certificate.
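
The query above, wrapped as an added shell example (not ANF AC's own code): it reads the OCSP URL from the certificate and accepts the status only when the response signature verified and its timestamps are current. The function names and the file arguments are assumptions, and the verdict is derived from the text that `openssl ocsp` prints.

```shell
#!/bin/sh
# Added example; file names passed to check_cert are placeholders.

# Print the OCSP responder URL from the certificate's
# "Authority Information Access" extension.
ocsp_url_of() {
    openssl x509 -in "$1" -noout -ocsp_uri
}

# Reduce the text printed by `openssl ocsp` (stdout and stderr, read on
# stdin) to one word: good, revoked, unknown, stale or unverified.
ocsp_verdict() {
    ocsp_out=$(cat)
    # The status line can be present even when the signature check on the
    # response failed, so require the verification banner first.
    if ! printf '%s\n' "$ocsp_out" | grep -q '^Response verify OK$'; then
        echo unverified
        return 0
    fi
    # thisUpdate/nextUpdate outside the accepted window: possible replay.
    if printf '%s\n' "$ocsp_out" | grep -q 'Status times invalid'; then
        echo stale
        return 0
    fi
    # Status line format: "<certificate file>: good|revoked|unknown".
    ocsp_status=$(printf '%s\n' "$ocsp_out" |
        sed -nE 's/^.*: (good|revoked|unknown)$/\1/p' | head -n 1)
    echo "${ocsp_status:-unverified}"
}

# Query the responder named in the certificate; succeed only on a
# verified, current "good" answer.
check_cert() {
    cert=$1; issuer=$2; cafile=$3
    url=$(ocsp_url_of "$cert")
    [ -n "$url" ] || { echo "no OCSP URL in $cert" >&2; return 2; }
    verdict=$(openssl ocsp -CAfile "$cafile" -issuer "$issuer" \
        -cert "$cert" -url "$url" 2>&1 | ocsp_verdict)
    echo "$cert: $verdict"
    [ "$verdict" = good ]
}

# Usage: check_cert cert.pem issuer.pem ca-bundle.pem
```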

For more information, see the Validation Policy of ANF AC.