Online Certificate Status Protocol

OCSP
Online Certificate Status Protocol
Status	Proposed Standard
Year started	4 February 2002
First published	11 February 2013
Authors	Stefan Santesson; Michael Myers; Rich Ankney; Ambarish Malpani; Slava Galperin; Carlisle Adams; Mohit Sahni;
Base standards	Uniform Resource Identifier (URI); Secure/Multipurpose Internet Mail Extensions (S/MIME);
Domain	Digital certificate
Website	RFC 6960: OCSP; RFC 8954: OCSP Nonce Extension;

The Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate. It is described in RFC 6960 and is on the Internet standards track. It was created as an alternative to certificate revocation lists (CRL), specifically addressing certain problems associated with using CRLs in a public key infrastructure (PKI). Messages communicated via OCSP are encoded in ASN.1 and are usually communicated over HTTP. The "request/response" nature of these messages leads to OCSP servers being termed OCSP responders.

Some web browsers (e.g., Firefox) use OCSP to validate HTTPS certificates, while others have disabled it. Most OCSP revocation statuses on the Internet disappear soon after certificate expiration.

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.