Online Certificate Status Protocol (OCSP) is a method for checking whether a certificate is still valid or has been revoked. It matters because relying systems often need fresher revocation status than a periodically downloaded list can provide.
What is Online Certificate Status Protocol (OCSP)?
With OCSP, a client or service queries a responder about the status of a specific certificate. This can provide more current revocation information than static CRLs, though it introduces performance, privacy, and availability considerations.
What Online Certificate Status Protocol (OCSP) Commonly Supports
Common uses include TLS certificate validation, enterprise PKI trust checking, quicker certificate compromise response, and revocation-aware client behavior.
Online Certificate Status Protocol (OCSP) vs. Certificate Revocation List (CRL)
OCSP checks the status of a specific certificate dynamically. CRLs publish broader lists of revoked certificates for later lookup.
Frequently Asked Questions
Why is OCSP useful?
Because it can provide fresher revocation information for an individual certificate than periodic list downloads alone.
Does OCSP have drawbacks?
Yes. It can add latency, availability dependencies, and privacy concerns about what certificate a client is checking.
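The freshness and availability trade-offs described above translate into a concrete client decision: prefer a fresh OCSP answer, fall back to a cached CRL when the response is stale or missing, and make the hard-fail versus soft-fail choice explicit. The following is an added example, not code from the original page; the field names, the sample serial numbers and the timestamps are constructed, and responder signature verification is assumed to have happened elsewhere.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

MAX_SKEW = timedelta(minutes=5)  # tolerance for clock drift between client and responder

@dataclass
class OcspResponse:
    """Constructed stand-in for the fields of one OCSP SingleResponse (RFC 6960)."""
    serial: int
    cert_status: str                  # "good", "revoked" or "unknown"
    this_update: datetime
    next_update: "datetime | None"    # None: newer status may be published at any time
    signature_valid: bool = True      # outcome of verifying the responder signature (assumed done)

@dataclass
class CachedCrl:                      # constructed stand-in for a previously downloaded CRL
    revoked_serials: set
    next_update: datetime

def ocsp_is_usable(resp, serial, now):
    """Use a response only if it is for this certificate, is signed, and is within its window."""
    if resp is None or resp.serial != serial or not resp.signature_valid:
        return False
    return resp.this_update <= now + MAX_SKEW and (
        resp.next_update is None or now <= resp.next_update + MAX_SKEW)

def revocation_status(serial, now, ocsp=None, crl=None):
    """Prefer a fresh OCSP answer, fall back to the cached CRL, else report 'unknown'."""
    if ocsp_is_usable(ocsp, serial, now) and ocsp.cert_status in ("good", "revoked"):
        return ocsp.cert_status
    if crl is not None and now <= crl.next_update + MAX_SKEW:
        return "revoked" if serial in crl.revoked_serials else "good"
    return "unknown"

def accept_certificate(status, hard_fail):
    """Policy decision: 'unknown' is accepted only when the client soft-fails."""
    return (not hard_fail) if status == "unknown" else status == "good"

def demo():  # constructed scenario: a revoked cert, a stale OCSP answer, a still-valid CRL cache
    now = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    fresh = OcspResponse(0x1234, "revoked", now - timedelta(hours=1), now + timedelta(hours=23))
    stale = OcspResponse(0x1234, "good", now - timedelta(days=3), now - timedelta(days=2))
    crl = CachedCrl({0x1234}, now + timedelta(days=6))
    return {
        "fresh_ocsp": revocation_status(0x1234, now, ocsp=fresh),                       # revoked
        "stale_ocsp_crl_fallback": revocation_status(0x1234, now, ocsp=stale, crl=crl),  # revoked
        "nothing_available": revocation_status(0x9999, now),                            # unknown
        "unknown_soft_vs_hard": (accept_certificate("unknown", False), accept_certificate("unknown", True)),
    }
```

The stale case is the one to watch: an expired "good" answer must never outrank a CRL that still lists the certificate as revoked.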
Related Cybersecurity Terms
- Certificate Revocation List (CRL)
- Certificate Chain
- Public Key Infrastructure (PKI)
- Real-Time Revocation