OCSP - LDAP SERVICES


Information related to ANF Certification Authority OCSP - LDAP services.

OCSP Services

Online Certificate Status Protocol.

Information related to the ANF Certification Authority OCSP Responder Service.



Online Certificate Status Protocol: Source Verification

The OCSP service makes it possible to determine the validity status of a certificate by consulting the trusted servers (OCSP Responder) of the Validation Authority.

When a query is made by URL, the response is digital evidence, signed by ANF Certification Authority, of the validity of a certificate at a given time. ANF Certification Authority also stores and keeps a copy of each response generated.

The repositories accessed by the OCSP Responder servers are kept permanently up to date and comply with IETF RFC 6960 ("Online Certificate Status Protocol Algorithm Agility").

The link to the OCSP service is listed in the certificate of interest itself.



There are many libraries for different programming languages; the most common ones are:



For example, a query via OpenSSL would have the following syntax:

openssl ocsp -CAfile <CAfile> -issuer <issuer> -cert <cert> -url <url>

The <url> field shall be the one indicated in the "Authority Information Access" field of the certificate.
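The query above as a fail-closed check, added here as an example and not ANF's own tooling: it reads the responder URL from the certificate's Authority Information Access field, runs the query, and accepts the certificate only when the response signature verifies and the status is good. The function names, file arguments and sample output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not ANF's code). File arguments are placeholders you supply.

# Read the OCSP responder URL from the certificate's Authority Information Access field.
ocsp_url() {
    openssl x509 -in "$1" -noout -ocsp_uri
}

# Classify the text printed by `openssl ocsp`.
# Prints good | revoked | unknown | unverified and returns 0 only for "good".
classify_ocsp_output() {
    local out="$1" status
    # The responder's signature must verify against -CAfile before the status is trusted.
    if ! printf '%s\n' "$out" | grep -q '^Response verify OK$'; then
        echo unverified
        return 2
    fi
    # Status line format: "<certificate file>: good|revoked|unknown"
    status=$(printf '%s\n' "$out" | sed -nE 's/^.*: (good|revoked|unknown)$/\1/p' | head -n 1)
    case "$status" in
        good)    echo good;    return 0 ;;
        revoked) echo revoked; return 1 ;;
        *)       echo unknown; return 1 ;;
    esac
}

# usage: check_cert <CAfile> <issuer certificate> <certificate>
check_cert() {
    local url out
    url=$(ocsp_url "$3") || return 2
    [ -n "$url" ] || { echo "no OCSP URL in certificate" >&2; return 2; }
    # The exit code of `openssl ocsp` can be 0 for a revoked certificate, so parse its output.
    out=$(openssl ocsp -CAfile "$1" -issuer "$2" -cert "$3" -url "$url" 2>&1) || true
    classify_ocsp_output "$out"
}

# Constructed sample of `openssl ocsp` output for a revoked certificate (not a real response).
SAMPLE_REVOKED='Response verify OK
cert.pem: revoked
	This Update: Jan  1 00:00:00 2024 GMT
	Next Update: Jan  2 00:00:00 2024 GMT
	Revocation Time: Dec 31 12:00:00 2023 GMT'

# Run a live check only when three file arguments are given.
if [ "$#" -eq 3 ]; then
    check_cert "$@"
fi
```

Any result other than `good`, including a missing URL, a network error or a response whose signature does not verify, yields a non-zero return so callers can reject the certificate.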

For more information please refer to the ANF Certification Authority Validation Policy.