Online Certificate Status Protocol

What Does Online Certificate Status Protocol Mean?

The Online Certificate Status Protocol (OCSP) is one of the two standard mechanisms, the other being certificate revocation lists (CRLs), for determining whether an X.509 digital certificate has been revoked by its issuer. A client that receives a certificate, for example during a TLS handshake, uses OCSP to ask the issuing certification authority (or a responder the CA has delegated to) for that certificate’s current revocation status. OCSP messages are encoded in ASN.1 (Abstract Syntax Notation One, the notation used for X.509 itself and for many telecommunications and networking standards) using DER, and are normally transported over HTTP. OCSP servers are called OCSP responders because the exchange is request/response: the client asks about specific certificates and the responder answers. OCSP was specified (RFC 2560, now RFC 6960) as an alternative to CRLs to address problems with using CRLs in a public key infrastructure (PKI), chiefly their size and the delay between a revocation and clients downloading the updated list.


Techopedia Explains Online Certificate Status Protocol

OCSP has several advantages over CRLs. It removes the CRL’s main limitation: clients must periodically download the whole list to stay current, and a revocation is not seen until the next download. An OCSP exchange also uses far less bandwidth, because a request and response describe only the certificates being checked rather than every revoked certificate the CA has issued. Clients do not need to fetch, store and parse CRLs; that work moves to the responder, which must maintain an up-to-date revocation database and sign its answers (many responders pre-generate and cache signed responses for this reason). The trade-offs matter in practice. Each validation now depends on a live responder being reachable, so a client must decide what to do when the responder is down: fail open and accept the certificate, or fail closed and reject it (most browsers fail open). OCSP responses are signed, so they cannot be forged or altered undetected, but neither requests nor responses are encrypted. The request names the certificate being checked, so anyone on the path to the responder can learn which sites a client is connecting to. OCSP stapling, in which the TLS server fetches the signed response itself and sends it alongside its certificate, avoids both the privacy leak and the extra round trip.

When a client such as a browser validates a server’s certificate, it reads the responder’s URL from the certificate’s Authority Information Access extension and sends the responder an OCSP request that identifies the certificate by a hash of the issuer’s name, a hash of the issuer’s public key and the certificate’s serial number. The responder replies with a signed response whose status for that certificate is “good,” “revoked” or “unknown” (the last meaning the responder has no record of the certificate, for example because it was issued by a CA the responder does not serve). The response also carries thisUpdate and nextUpdate times that tell the client how long the answer may be cached. The response never says “expired”: the validity period is something the client checks against the certificate itself, independently of OCSP.
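The request described above, and the privacy point made earlier about it travelling in plaintext, can both be seen in code. The following is an added example, not code from the original article: it builds an unsigned RFC 6960 OCSPRequest with a minimal pure-Python DER encoder and then decodes it the way a passive observer on the path to the responder could. The issuer name, issuer key bytes and serial number are constructed sample values; with a real certificate they would come from the issuer’s Name, the issuer’s SubjectPublicKeyInfo and the leaf certificate’s serialNumber.

```python
"""Build and decode a minimal, unsigned OCSPRequest (RFC 6960) in pure Python.

The DER helpers support only the tags an OCSP request needs. Sample inputs are
constructed for this example and do not belong to any real CA.
"""
import hashlib

OID_SHA1 = "1.3.14.3.2.26"    # id-sha1: the CertID hash algorithm responders commonly expect
OID_COMMON_NAME = "2.5.4.3"   # id-at-commonName, used only to build the sample issuer Name


# --- minimal DER encoder ---------------------------------------------------

def der_length(n: int) -> bytes:
    """Short form below 128, long form (0x8N + N length bytes) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + der_length(len(body)) + body


def der_sequence(*items: bytes) -> bytes:
    return tlv(0x30, b"".join(items))


def der_octet_string(data: bytes) -> bytes:
    return tlv(0x04, data)


def der_integer(n: int) -> bytes:
    """Non-negative INTEGER; a leading 0x00 is added when the top bit is set."""
    if n < 0:
        raise ValueError("certificate serial numbers are non-negative")
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))


def der_oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER: first two arcs packed into one byte, rest base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(chunk)
    return tlv(0x06, bytes(out))


def build_ocsp_request(issuer_name_der: bytes, issuer_key_bytes: bytes, serial: int) -> bytes:
    """DER for OCSPRequest { tbsRequest { requestList { Request { CertID } } } }.

    issuer_key_bytes is the issuer's subjectPublicKey BIT STRING contents (no tag,
    length or unused-bits byte), which is what RFC 6960 hashes for issuerKeyHash.
    """
    cert_id = der_sequence(
        der_sequence(der_oid(OID_SHA1), b"\x05\x00"),               # hashAlgorithm: sha1, NULL params
        der_octet_string(hashlib.sha1(issuer_name_der).digest()),   # issuerNameHash
        der_octet_string(hashlib.sha1(issuer_key_bytes).digest()),  # issuerKeyHash
        der_integer(serial),                                        # serialNumber
    )
    request = der_sequence(cert_id)                     # Request without singleRequestExtensions
    tbs_request = der_sequence(der_sequence(request))   # version v1 is DEFAULT and omitted; one-entry requestList
    return der_sequence(tbs_request)                    # no optionalSignature: the request is unsigned


# --- minimal DER decoder: what an observer on the path can recover -----------

def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, value, position just after the element)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def decode_oid(body: bytes) -> str:
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def parse_ocsp_request(der: bytes) -> list:
    """Decode every CertID in an OCSPRequest. No key is needed: the request is plaintext."""
    tag, ocsp_request, _ = read_tlv(der)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, tbs_request, _ = read_tlv(ocsp_request)
    pos = 0
    while tbs_request[pos] in (0xA0, 0xA1):      # skip optional version [0] and requestorName [1]
        _, _, pos = read_tlv(tbs_request, pos)
    _, request_list, _ = read_tlv(tbs_request, pos)
    cert_ids, pos = [], 0
    while pos < len(request_list):
        _, request, pos = read_tlv(request_list, pos)
        _, cert_id, _ = read_tlv(request)
        _, alg, p = read_tlv(cert_id)
        _, alg_oid, _ = read_tlv(alg)
        _, name_hash, p = read_tlv(cert_id, p)
        _, key_hash, p = read_tlv(cert_id, p)
        _, serial, _ = read_tlv(cert_id, p)
        cert_ids.append({
            "hash_algorithm": decode_oid(alg_oid),
            "issuer_name_hash": name_hash.hex(),
            "issuer_key_hash": key_hash.hex(),
            "serial_number": int.from_bytes(serial, "big"),
        })
    return cert_ids


# Constructed sample inputs: Name "CN=Example Test CA", a 32-byte stand-in for the
# issuer's public key, and an arbitrary serial number.
SAMPLE_ISSUER_NAME_DER = der_sequence(
    tlv(0x31, der_sequence(der_oid(OID_COMMON_NAME), tlv(0x0C, b"Example Test CA")))
)
SAMPLE_ISSUER_KEY_BYTES = bytes(range(32))
SAMPLE_SERIAL = 0x0123456789ABCDEF

if __name__ == "__main__":
    req = build_ocsp_request(SAMPLE_ISSUER_NAME_DER, SAMPLE_ISSUER_KEY_BYTES, SAMPLE_SERIAL)
    print("OCSPRequest DER:", req.hex())
    for cert_id in parse_ocsp_request(req):   # everything needed to identify the certificate is in the clear
        print("serial 0x%X, issuer key hash %s" % (cert_id["serial_number"], cert_id["issuer_key_hash"]))
```

The issuer hashes plus the serial number uniquely identify a certificate, so an observer who sees the request (or the unencrypted HTTP response) learns which certificate, and therefore usually which site, the client is validating; that is the leak OCSP stapling closes by having the server deliver the signed response itself.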



Margaret Rouse

Margaret is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages.