OCSP is short for Online Certificate Status Protocol. Tecxoft OCSP Responder complies with IETF RFC 2560. Applications send request to OCSP responder for checking status of concerned certificate. The OCSP server responds with real-time response, this method is used for checking the revocation of a certificate in real-time. Other way of checking revocation is CRL method, in which CRL is downloaded and certificates are checked if any one appear in the CRL. If a certificate's serial number appears in the CRL, it is considered revoked, all CRL entries also have a revocation reason. All this functionality is programmed into software applications. OCSP response is small in size as compared to a CRL file. OCSP response is digitally signed with the private key of the certificate issuer.
Revocation information (OCSP or CRL) is required for creating long-term valid or LTV signatures. Revocation information is embedded in the signature, as a proof that, certificate was not expired or revoked at the time of signature computation.
To know more about products, please click here.