Glossary term · O
OCSP (Online Certificate Status Protocol)
Definition
OCSP (Online Certificate Status Protocol, RFC 6960) is a protocol for real-time verification of the revocation status of a digital certificate, by querying an OCSP responder operated by the certification authority. Why revocation matters: a certificate can be valid by date yet revoked early (key compromise, employee departure), so a signature or TLS connection must check status, not just expiry. OCSP vs CRL: OCSP is a lighter, more responsive alternative to a CRL — instead of downloading a full revocation list, the client asks about one certificate and gets a small signed answer (good / revoked / unknown). OCSP Stapling: to avoid a privacy leak and an extra round-trip, the server fetches its own OCSP response and "staples" it into the TLS handshake, so the browser never contacts the CA directly. In signed documents: OCSP responses are embedded inside the PDF at signing time for long-term validation (LTV), so the signature can still be verified years later even if the responder is offline.
Associated guides
Related terms
Ready to put these concepts into practice?
Certyneo allows you to create eIDAS-compliant signature envelopes in a few clicks, without installation.