OCSP - LDAP SERVICES
Information related to ANF Certification Authority OCSP - LDAP services.
OCSP Services
Online Certificate Status Protocol.
Information related to the ANF Certification Authority OCSP Responder Service.
Online Certificate Status Protocol: Source Verification
The OCSP service makes it possible to determine the validity status of a certificate by consulting the trusted servers (OCSP Responder) of the Validation Authority.
When a query is made by URL, the response is digital evidence, signed by ANF Certification Authority, of the validity of a certificate at a given time. ANF Certification Authority also stores and keeps a copy of each response generated.
The repositories accessed by the OCSP Responder servers are permanently updated, and comply with the document RFC 6960 ("Online Certificate Status Protocol Algorithm Agility") of the IETF.
The link to the OCSP service is listed in the certificate of interest itself.
There are many libraries for different programming languages; the most common ones are:
- CryptoAPI of Microsoft: Microsoft's cryptographic libraries include OCSP protocol support by default in its .NET platform: http://msdn.microsoft.com/en-us/library/aa380253(VS.85).aspx
- OpenSSL (http://www.openssl.org): It is an extension of the OpenSSL cryptographic library that implements the OCSP protocol in C language.
For example, a query via OpenSSL would have the following syntax:
openssl ocsp -CAfile <CA file> -issuer <issuer certificate> -cert <certificate> -url <url>
The url value shall be the one indicated in the "Authority Information Access" field of the certificate.
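The OpenSSL query described above, as an added example that is not part of the original page or ANF's own tooling: a shell wrapper that reads the OCSP URL from the certificate's Authority Information Access field, runs the query, and accepts the certificate only when the responder's signature verified and the reported status is good. The function names, file arguments and the sample responder output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: fail-closed handling of an `openssl ocsp` query.

# ocsp_verdict LABEL
# Reads the combined stdout+stderr of `openssl ocsp` on stdin.
# LABEL is the value passed to -cert, which prefixes the status line.
# Prints good | revoked | untrusted and returns 0 | 1 | 2.
ocsp_verdict() {
    label=$1
    out=$(cat)
    # The response signature must have verified against the -CAfile chain.
    printf '%s\n' "$out" | grep -qx 'Response verify OK' \
        || { echo untrusted; return 2; }
    # A response outside its thisUpdate/nextUpdate window is flagged like this.
    if printf '%s\n' "$out" | grep -q 'WARNING: Status times invalid'; then
        echo untrusted; return 2
    fi
    # The decision is taken from the status text after "LABEL: ".
    status=$(printf '%s\n' "$out" | awk -v p="$label: " \
        'index($0, p) == 1 { print substr($0, length(p) + 1); exit }')
    case $status in
        good)    echo good;      return 0 ;;
        revoked) echo revoked;   return 1 ;;
        *)       echo untrusted; return 2 ;;  # "unknown", no status, errors
    esac
}

# ocsp_check CERT ISSUER CAFILE
# Queries the responder named in CERT's Authority Information Access field.
ocsp_check() {
    url=$(openssl x509 -in "$1" -noout -ocsp_uri)
    [ -n "$url" ] || { echo untrusted; return 2; }
    openssl ocsp -CAfile "$3" -issuer "$2" -cert "$1" -url "$url" 2>&1 \
        | ocsp_verdict "$1"
}

# Constructed sample output (not a real ANF response), for an offline run.
printf '%s\n' 'Response verify OK' 'cert.pem: revoked' \
    '	This Update: Jan  1 00:00:00 2024 GMT' \
    '	Revocation Time: Dec 31 12:00:00 2023 GMT' \
    | ocsp_verdict cert.pem || true
```

With real files, call `ocsp_check certificate.pem issuer.pem ca_chain.pem` and treat any result other than `good` as a reason to reject the certificate.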
For more information please refer to the ANF Certification Authority Validation Policy.