What is OCSP?

OCSP is Online Certificate Status Protocol, a mechanism to check in real time whether a digital certificate has been revoked. Instead of downloading a full certificate revocation list, a client queries an OCSP responder with the certificate’s issuer information and serial number. The responder replies with a status: good if the certificate is still valid, revoked if it was revoked, or unknown if the status can’t be determined. The response is digitally signed by the issuing CA, and the client verifies the signature and the freshness of the information. This makes revocation checks fast and scalable during activities like TLS handshakes, and sometimes the latest OCSP response is provided by the server through OCSP stapling to improve efficiency.