OCSP RESPONDER

Digital certificates play a central role in the security of many applications and systems, ranging from enterprise PKIs to digital rights management and electronic passports. Accordingly, the ability to revoke certificates on demand is also crucial to these applications.

What is OCSP?

Traditionally, revocation has been implemented by publishing Certificate Revocation Lists (CRLs). Practical and security issues can arise due to the size of the CRLs and the delay in updating relying parties. To address this, the Online Certificate Status Protocol (OCSP) was developed to provide real-time certificate status information, for the required certificates only.

The Cryptomathic OCSP Responder delivers OCSP services to the most demanding applications. It combines best-in-class security with high performance and availability, whilst integrating seamlessly with new or existing PKI deployments.

OCSP Responder Diagram

Benefits of the OCSP Responder

  • Real-time status information
  • Query required certificates only
  • Simple integration
  • Remote administration client
  • Scale-out clustering
  • Supports a number of HSMs