ADSS OCSP Service Overview
The OCSP Service is a server module that provides information on the revocation status of digital certificates in real-time. It is compliant with IETF RFC 6960 Online Certificate Status Protocol (OCSP). A typical workflow is as follows:
- An end customer sends a signed email, signed purchase order, invoice, report, etc. The signers’ certificates may have been issued by various different CAs.
- The Relying Party client application wishes to delegate the complexity of certificate status checking to the ADSS Server, hence it makes an OCSP request to the ADSS OCSP Service and passes the digital certificate(s) identifier within this request.
The ADSS OCSP Service performs all the standard certificate status checks and returns the OCSP response to the client application.
Note the ADSS Server may not be authoritative for the certificate whose status is being requested. In this case it can make a new OCSP request and send this to the external OCSP server responsible for this certificate. The response received back from the peer OCSP responder is then received by the ADSS Server and can be relayed back to the original requestor.
High Availability, High Performance Deployment
ADSS Server, and in particular services such as ADSS OCSP can be deployed in a high-availability, load-balanced configuration.
See also
Identity Proven, Trust Delivered
ADSS Server Features and Benefits
ADSS Server Trust Services
ADSS Server Architecture & Interfaces
ADSS Signing Service Overview
ADSS Verification Service Overview
ADSS Certification Service Overview
ADSS OCSP Service Overview
ADSS TSA Service Overview
ADSS XKMS Service Overview
ADSS SCVP Service Overview
ADSS LTANS Service Overview
ADSS Decryption Service Overview
ADSS CRL Monitor Overview