O'Reilly logo

Windows Server® 2008 PKI and Certificate Security by Brian Komar

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Online Certificate Status Protocol (OCSP)

OCSP allows more timely and structured determination of revocation status for a specific certificate. Rather than having the client download a CRL that contains all certificates revoked by the CA, the client sends a revocation status request to a responder service. The responder service provides revocation status for just that certificate, allowing the client to make a revocation decision based on the response.

The advantages of OCSP include:

  • More timely revocation information. An OCSP responder can be configured to either directly query the CA database to determine or download CRLs at prescribed intervals rather than the normal publication schedule. Both methods provide a more timely determination of when ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required