OCSP is short for Online Certificate Status Protocol. Tecxoft OCSP Responder complies with IETF RFC 2560. Applications send request to OCSP responder for checking status of concerned certificate. The OCSP server responds with real-time response. This method is used for checking the revocation of a certificate. Other way of checking revocation is CRL method, in which CRL is downloaded and certificates are checked if any one appear in the CRL. If a certificate's serial number appears in the CRL, it is considered revoked, a CRL entry also has a revocation reason. All these functions are programmed in computer applications. CRLs can be large files but an OCSP response is small in size. Private key of the certificate issuer is used to digitally sign the OCSP response.
OCSP or revocation information is required for creating long-term (LTV) valid signatures. Revocation information is embedded in the signature, to prove, certificate was valid at the time signature was created.
To get more information about Tecxoft products please click here.