OpenTrust OCSP | OpenTrust

By: Opentrust Trust & Security Software  09-12-2011
Keywords: Public Key


In an environment of trust it is of utmost importance to verify the validity of each digital certificate. As a general rule, two communicating parties with certificates issued by the same certification authority (CA) can check the validity of the other party’s certificate either by using the CRL (Certificate Revocation List) mechanism or by sending an OCSP request.

There are, however, certain drawbacks to downloading the CRL in order to verify a certificate’s status, notably bandwidth congestion and latency due to the potentially large size of the CRL.

The OCSP protocol is specified in RFC 2560 (X.509 Internet Public Key Infrastructure Online Certificate Status Protocol – OCSP) and is based on HTTP. The certificate status check is performed synchronously: a request containing the certificate to check is sent to the OCSP server, which returns the current status of the certificate in an electronically signed message.

OpenTrust OCSP provides instant certificate status verification and hence eliminates all problems encountered by most large organizations when using CRLs. OpenTrust OCSP can be used with a Hardware Security Module (HSM) on which the OCSP signing keys are securely stored.

OpenTrust OCSP’s modular architecture has been designed to optimize both performance and scalability. What’s more, OpenTrust OCSP can verify certificates issued by more than one CA for an efficient, pooled validation service.


Other products and services from Opentrust Trust & Security Software


Services | OpenTrust

In conjunction with our high level of technical know-how, our unique expertise gained from numerous large, multi-site and complex PKI and smart card deployments will help you ensure the success of your security project, and make certain that factors that might jeopardize its successful outcome are not overlooked.


OpenTrust SCM | OpenTrust

The widespread use of digital certificates for strong authentication, encryption and electronic signatures requires that digital identities be securely stored on cryptographic devices such as smart cards or tokens. OpenTrust SCM is a full-featured and reliable solution for the comprehensive management of these devices and credentials from the heart of the security system itself through to the end-user.


OpenTrust PKI | OpenTrust

It oversees the complete credential management for Public Key certificates in IT infrastructures and is compatible with any kind of smart card or token that can hold an X.509 certificate and a key pair. It manages the entire life cycles of the digital identities of all entities, users, devices and applications within the IT system, providing the foundations for a secure and trusted ecosystem.


Products | OpenTrust

In addition to its licensed software products, OpenTrust also offers OpenTrust TaaS for secure management of electronic, paperless transactions and communications in the OpenTrust private cloud. OpenTrust is dedicated to developing flexible security solutions designed to help today’s enterprises meet complex security challenges and establish agile, end-to-end trusted IT infrastructures.