The online Certificate Status Protocol (OCSP)is a network protocol that obtains X.509 digital certificate revocation status. It is part of the Internet Public Key Infrastructure (PKI) that protects web communications.

OCSP enables clients (like web browsers) to confirm with the Certificate Authority (CA) whether a digital certificate is valid or has been revoked. This technique is more efficient and prompter in verifying certificate status than older methods like Certificate Revocation Lists (CRLs), improving digital transactions and communications security.

How Does OCSP Work?

When checking for the validity of a certificate, the client sends an OCSP request to an OCSP responder (a server operated by the issuing CA). Then, the OCSP responder verifies the request’s validity with a trustworthy CA, which responds with current, revoked, or unknown. Many popular browsers, including Microsoft Edge, Internet Explorer, Apple Safari, and Mozilla Firefox, support OCSP.

History of Online Certificate Status Protocol