Skip to main content
Certyneo
Glossary term · O

OCSP (Online Certificate Status Protocol)

Definition

OCSP (Online Certificate Status Protocol, RFC 6960) is a protocol for real-time verification of the revocation status of a digital certificate, by querying an OCSP responder operated by the certification authority. Why revocation matters: a certificate can be valid by date yet revoked early (key compromise, employee departure), so a signature or TLS connection must check status, not just expiry. OCSP vs CRL: OCSP is a lighter, more responsive alternative to a CRL — instead of downloading a full revocation list, the client asks about one certificate and gets a small signed answer (good / revoked / unknown). OCSP Stapling: to avoid a privacy leak and an extra round-trip, the server fetches its own OCSP response and "staples" it into the TLS handshake, so the browser never contacts the CA directly. In signed documents: OCSP responses are embedded inside the PDF at signing time for long-term validation (LTV), so the signature can still be verified years later even if the responder is offline.

Ready to put these concepts into practice?

Certyneo lets you create eIDAS-compliant signature envelopes in just a few clicks, with no installation required.