online certificate status protocol (PKI) (OCSP)

The Online Certificate Status Protocol (OCSP) is a security protocol for online checking of the current status of a certificate. The status query via OCSP is used to determine whether a certificate is still valid or is revoked.

According to the procedure, an OCSP client sends a status request to the OCSP server, which responds with good, revoked or unknown. OCSP is an extension of the established Certificate Revocation List( CRL), which always has to be downloaded as a complete revocation list, whereas OCSP focuses on the status query of a single certificate. The requests sent to the OCSP server are answered by the certificate authority( CA), which updates the status of the certificates in the server.

The OCSP protocol was specified and standardized by the Internet Engineering Task Force( IETF), partially replaces the older revocation lists and builds on HTTP.