Online Certificate Status Protocol
   HOME

TheInfoList



OR:

The Online Certificate Status Protocol (OCSP) is an
Internet The Internet (or internet) is the Global network, global system of interconnected computer networks that uses the Internet protocol suite (TCP/IP) to communicate between networks and devices. It is a internetworking, network of networks ...
protocol used for obtaining the revocation status of an X.509
digital certificate In cryptography, a public key certificate, also known as a digital certificate or identity certificate, is an electronic document used to prove the validity of a public key. The certificate includes the public key and information about it, informa ...
. It was created as an alternative to
certificate revocation list In cryptography, a certificate revocation list (CRL) is "a list of digital certificates that have been revoked by the issuing certificate authority (CA) before their scheduled expiration date and should no longer be trusted". Publicly trusted C ...
s (CRL), specifically addressing certain problems associated with using CRLs in a
public key infrastructure A public key infrastructure (PKI) is a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption. The purpose of a PKI is to fac ...
(PKI). Messages communicated via OCSP are encoded in
ASN.1 Abstract Syntax Notation One (ASN.1) is a standard interface description language (IDL) for defining data structures that can be serialized and deserialized in a cross-platform way. It is broadly used in telecommunications and computer networ ...
and are usually communicated over
HTTP HTTP (Hypertext Transfer Protocol) is an application layer protocol in the Internet protocol suite model for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web, wher ...
. The "request/response" nature of these messages leads to OCSP servers being termed ''OCSP responders''. Some
web browser A web browser, often shortened to browser, is an application for accessing websites. When a user requests a web page from a particular website, the browser retrieves its files from a web server and then displays the page on the user's scr ...
s (e.g.,
Firefox Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation. It uses the Gecko rendering engine to display web pages, which implements curr ...
) use OCSP to validate
HTTPS Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It uses encryption for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protoc ...
certificates, while others have disabled it. Most OCSP revocation statuses on the Internet disappear soon after certificate expiration. Certificate authorities (CAs) were previously required by the CA/Browser Forum to provide OCSP service, but this requirement was removed in July 2023 , making OCSP optional and CRLs required again.
Let's Encrypt Let's Encrypt is a Non-profit organisation, non-profit certificate authority run by Internet Security Research Group (ISRG) that provides X.509 public key certificate, certificates for Transport Layer Security (TLS) encryption at no charge. It is ...
has announced that OCSP services will be shut down on August 6, 2025.


Comparison to CRLs

* Since an OCSP response contains less data than a typical
certificate revocation list In cryptography, a certificate revocation list (CRL) is "a list of digital certificates that have been revoked by the issuing certificate authority (CA) before their scheduled expiration date and should no longer be trusted". Publicly trusted C ...
(CRL), it puts less burden on network and client resources. * Since an OCSP response has less data to
parse Parsing, syntax analysis, or syntactic analysis is a process of analyzing a string of symbols, either in natural language, computer languages or data structures, conforming to the rules of a formal grammar by breaking it into parts. The term ''pa ...
, the client-side
libraries A library is a collection of Book, books, and possibly other Document, materials and Media (communication), media, that is accessible for use by its members and members of allied institutions. Libraries provide physical (hard copies) or electron ...
that handle it can be less complex than those that handle CRLs. * OCSP discloses to the responder that a particular network host used a particular certificate at a particular time. OCSP does not mandate encryption, so other parties may intercept this information.


Basic PKI implementation

#
Alice and Bob Alice and Bob are fictional characters commonly used as placeholders in discussions about cryptography, cryptographic systems and Cryptographic protocol, protocols, and in other science and engineering literature where there are several partici ...
have
public key certificate In cryptography, a public key certificate, also known as a digital certificate or identity certificate, is an electronic document used to prove the validity of a Key authentication, public key. The certificate includes the public key and informati ...
s issued by Carol, the
certificate authority In cryptography, a certificate authority or certification authority (CA) is an entity that stores, signs, and issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate. Thi ...
(CA). # Alice wishes to perform a transaction with Bob and sends him her certificate. # Bob, concerned that Alice's private key may have been compromised, creates an 'OCSP request' that contains Alice's certificate serial number and sends it to Carol. # Carol's OCSP responder reads the certificate serial number from Bob's request. The OCSP responder uses the certificate serial number to look up the
revocation Revocation is the act of wikt:recall, recall or annulment. It is the cancelling of an act, the recalling of a grant or privilege, or the making void (law), void of some deed previously existing. A temporary revocation of a grant or privilege is c ...
status of Alice's certificate. The OCSP responder looks in a CA database that Carol maintains. In this scenario, Carol's CA database is the only trusted location where a compromise to Alice's certificate would be recorded. # Carol's OCSP responder confirms that Alice's certificate is still OK, and returns a signed, successful 'OCSP response' to Bob. # Bob cryptographically verifies Carol's signed response. Bob has stored Carol's public key some time before this transaction. Bob uses Carol's public key to verify Carol's response. # Bob completes the transaction with Alice.


Protocol details

An OCSP responder (a server typically run by the certificate issuer) may return a signed response signifying that the certificate specified in the request is 'good', 'revoked', or 'unknown'. If it cannot process the request, it may return an error code. The OCSP request format supports additional extensions. This enables extensive customization to a particular PKI scheme. OCSP can be vulnerable to replay attacks, where a signed, 'good' response is captured by a malicious intermediary and replayed to the client at a later date after the subject certificate may have been revoked. OCSP allows a nonce to be included in the request that may be included in the corresponding response. Because of high load, most OCSP responders do not use the nonce extension to create a different response for each request, instead using presigned responses with a validity period of multiple days. Thus, the replay attack is a major threat to validation systems. OCSP can support more than one level of CA. OCSP requests may be chained between peer responders to query the issuing CA appropriate for the subject certificate, with responders validating each other's responses against the root CA using their own OCSP requests. An OCSP responder may be queried for revocation information by delegated path validation (DPV) servers. OCSP does not, by itself, perform any DPV of supplied certificates. The key that signs a response need not be the same key that signed the certificate. The certificate's issuer may delegate another authority to be the OCSP responder. In this case, the responder's certificate (the one that is used to sign the response) must be issued by the issuer of the certificate in question, and must include a certain extension that marks it as an OCSP signing authority (more precisely, an extended key usage extension with the OID )


Privacy concerns

OCSP checking creates a privacy concern for some users, since it requires the client to contact a third party (albeit a party trusted by the client software vendor) to confirm certificate validity. This third party could thus track what websites the client is accessing. OCSP stapling is a way to verify validity without disclosing browsing behavior to the CA.


Criticisms

OCSP-based revocation is not an effective technique to mitigate against the compromise of an HTTPS server's private key. An attacker who has compromised a server's private key typically needs to be in a man-in-the-middle position on the network to abuse that private key and impersonate a server. An attacker in such a position is also typically in a position to interfere with the client's OCSP queries. Because most clients will silently ignore OCSP if the query times out, OCSP is not a reliable means of mitigating HTTPS server key compromise. The MustStaple TLS extension in a certificate can require that the certificate be verified by a stapled OCSP response, mitigating this problem. OCSP also remains a valid defense against situations where the attacker is not a "man-in-the-middle" (code-signing or certificates issued in error). The OCSP protocol assumes the requester has network access to connect to an appropriate OCSP responder. Some requesters may not be able to connect because their local network prohibits direct Internet access (a common practice for internal nodes in a data center). Forcing internal servers to connect to the Internet in order to use OCSP contributes to the de-perimeterisation trend. The OCSP stapling protocol is an alternative that allows servers to cache OCSP responses, which removes the need for the requestor to directly contact the OCSP responder.


Browser support

There is wide support for OCSP amongst most major browsers: *
Internet Explorer Internet Explorer (formerly Microsoft Internet Explorer and Windows Internet Explorer, commonly abbreviated as IE or MSIE) is a deprecation, retired series of graphical user interface, graphical web browsers developed by Microsoft that were u ...
is built on the CryptoAPI of
Windows Windows is a Product lining, product line of Proprietary software, proprietary graphical user interface, graphical operating systems developed and marketed by Microsoft. It is grouped into families and subfamilies that cater to particular sec ...
and thus starting with version 7 on
Windows Vista Windows Vista is a major release of the Windows NT operating system developed by Microsoft. It was the direct successor to Windows XP, released five years earlier, which was then the longest time span between successive releases of Microsoft W ...
(not XP) supports OCSP checking. * All versions of
Mozilla Firefox Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation. It uses the Gecko rendering engine to display web pages, which implements curren ...
support OCSP checking. Firefox 3 enables OCSP checking by default. *
Safari A safari (; originally ) is an overland journey to observe wildlife, wild animals, especially in East Africa. The so-called big five game, "Big Five" game animals of Africa – lion, African leopard, leopard, rhinoceros, African elephant, elep ...
on macOS supports OCSP checking. It is enabled by default as of Mac OS X 10.7 (Lion). Prior to that, it has to be manually activated in Keychain preferences. * Versions of
Opera Opera is a form of History of theatre#European theatre, Western theatre in which music is a fundamental component and dramatic roles are taken by Singing, singers. Such a "work" (the literal translation of the Italian word "opera") is typically ...
from 8.0 to the current version support OCSP checking. However,
Google Chrome Google Chrome is a web browser developed by Google. It was first released in 2008 for Microsoft Windows, built with free software components from Apple WebKit and Mozilla Firefox. Versions were later released for Linux, macOS, iOS, iPadOS, an ...
is an outlier. Google disabled OCSP checks by default in 2012, citing latency and privacy issues and instead uses their own update mechanism to send revoked certificates to the browser.


Implementations

Several
open source Open source is source code that is made freely available for possible modification and redistribution. Products include permission to use and view the source code, design documents, or content of the product. The open source model is a decentrali ...
and proprietary OCSP implementations exist, including fully featured servers and
libraries A library is a collection of Book, books, and possibly other Document, materials and Media (communication), media, that is accessible for use by its members and members of allied institutions. Libraries provide physical (hard copies) or electron ...
for building custom applications. OCSP client support is built into many
operating systems An operating system (OS) is system software that manages computer hardware and software resources, and provides common daemon (computing), services for computer programs. Time-sharing operating systems scheduler (computing), schedule tasks for ...
,
web browsers A web browser, often shortened to browser, is an application for accessing websites. When a user requests a web page from a particular website, the browser retrieves its files from a web server and then displays the page on the user's scree ...
, and other network
software Software consists of computer programs that instruct the Execution (computing), execution of a computer. Software also includes design documents and specifications. The history of software is closely tied to the development of digital comput ...
due to the popularity of
HTTPS Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It uses encryption for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protoc ...
and the
World Wide Web The World Wide Web (WWW or simply the Web) is an information system that enables Content (media), content sharing over the Internet through user-friendly ways meant to appeal to users beyond Information technology, IT specialists and hobbyis ...
.


Server


Open source

* Boulder, CA and OCSP responder developed and used by
Let's Encrypt Let's Encrypt is a Non-profit organisation, non-profit certificate authority run by Internet Security Research Group (ISRG) that provides X.509 public key certificate, certificates for Transport Layer Security (TLS) encryption at no charge. It is ...
( Go) * DogTag, Open source certificate authority CA, CRL and OCSP responder. * EJBCA, CA and OCSP responder (
Java Java is one of the Greater Sunda Islands in Indonesia. It is bordered by the Indian Ocean to the south and the Java Sea (a part of Pacific Ocean) to the north. With a population of 156.9 million people (including Madura) in mid 2024, proje ...
) * XiPKI, CA and OCSP responder. With support of RFC 6960 and SHA3 (
Java Java is one of the Greater Sunda Islands in Indonesia. It is bordered by the Indian Ocean to the south and the Java Sea (a part of Pacific Ocean) to the north. With a population of 156.9 million people (including Madura) in mid 2024, proje ...
) * OpenCA OCSP Responder Standalone OCSP responder from the OpenCA Project ( C)


Proprietary

* Certificate Services CA and OCSP responder included with Windows Server


Library


Open source

* cfssl (Go) *
OpenSSL OpenSSL is a software library for applications that provide secure communications over computer networks against eavesdropping, and identify the party at the other end. It is widely used by Internet servers, including the majority of HTTPS web ...
( C) * wolfSSL ( C)


Client


See also

*
Certificate revocation list In cryptography, a certificate revocation list (CRL) is "a list of digital certificates that have been revoked by the issuing certificate authority (CA) before their scheduled expiration date and should no longer be trusted". Publicly trusted C ...
*
Certificate authority In cryptography, a certificate authority or certification authority (CA) is an entity that stores, signs, and issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate. Thi ...
* Server-based Certificate Validation Protocol * OCSP stapling * Certificate Transparency


References


External links

* /tools.ietf.org/html/rfc2560 RFC 2560, X.509 Internet Public Key Infrastructure Online Certificate Status Protocol – OCSP* /tools.ietf.org/html/rfc4806 RFC 4806, Online Certificate Status Protocol (OCSP) Extensions to IKEv2* /tools.ietf.org/html/rfc5019 RFC 5019, The Lightweight Online Certificate Status Protocol (OCSP) Profile for High-Volume Environments* /tools.ietf.org/html/rfc6960 RFC 6960, X.509 Internet Public Key Infrastructure Online Certificate Status Protocol – OCSP
Processor.com April, 2009 article about Online Certificate Status Protocol
{{SSL/TLS Public key infrastructure Cryptographic protocols Internet Standards Internet protocols Transport Layer Security Certificate revocation