The Online Certificate Security Protocol is a standard for certificate issuance and authentication. It outlines the information required for certificate status and server identification, with accepted responses including a signature from a trusted authority. The protocol was developed in 1999 by the Network Working Group and is accepted by all issuers of security certificates.
The online certificate security protocol is the set of standards upon which certificate issuance and authentication applications are built. The protocol indicates exactly what information must be supplied to report certificate status and identify the origin server.
When a server tries to connect to a protected computer, a certificate exchange takes place. In order for the certificate to be authenticated, there is a standard set of information that must be exchanged and verified. The online certificate security protocol indicates what this information is and the format in which it should be transmitted. Each transmission must include the protocol version, server request, and destination certificate identifier. There are also optional extensions that can be accepted by the Online Certificate Security Protocol Responder.
When the Online Certificate Security Protocol Responder receives the request, it verifies that the message is formatted correctly, that the requested servers are available at the responder, and that the requested information is included. If any of these checks fails, an error message is sent to the author of the request.
The protocol provides minimum standards and includes details of all possible responses. All accepted responses must carry one of the following to authenticate the certificate: a signature of the root certificate authority, of a trusted third party, or of a designated responder duly authorized to process these requests.
The online certificate security protocol can be compared to the locksmith industry. While there is a wide range of lock companies, key companies and security options, there are consistent core functions across the industry, and accepted standards form the basis for these agreements.
A hit response message has the response version, responder name, included responses, any optional extensions, signature algorithm, and a signature computed across the hash of the response. The response includes the status of the certificate, which has three options: good, revoked and unknown.
It is the responsibility of the online certificate security protocol client to confirm that a signed response is valid, the signer matches the recipient, the signer is authorized, the status update time is recent, and the certificate received matches the requested one.
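The client-side checks listed above, applied in order to a simplified response, as an added example that is not part of the original page. The dictionary format, the names `make_response` and `check_response`, the responder names and the 24-hour freshness window are assumptions, and HMAC-SHA256 stands in for the responder's public-key signature so the code runs with the standard library only.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

# Constructed demo data. HMAC-SHA256 stands in for the responder's public-key
# signature; a real client verifies against the signer's certificate instead.
RESPONDER_KEYS = {"responder.example": b"demo-key-1", "other.example": b"demo-key-2"}
AUTHORIZED_SIGNERS = {"responder.example"}  # CA, trusted party or designated responder
MAX_AGE = timedelta(hours=24)               # assumed freshness window

def body_of(cert_id, status, this_update):
    """Bytes covered by the signature (hypothetical simplified encoding)."""
    return f"{cert_id}|{status}|{this_update.isoformat()}".encode()

def make_response(signer, cert_id, status, this_update):
    """Build a signed status response as the responder would."""
    sig = hmac.new(RESPONDER_KEYS[signer], body_of(cert_id, status, this_update),
                   hashlib.sha256).hexdigest()
    return {"signer": signer, "cert_id": cert_id, "status": status,
            "this_update": this_update, "signature": sig}

def check_response(resp, requested_cert_id, expected_signer, now):
    """Apply the client-side checks in order; return (accepted, reason)."""
    key = RESPONDER_KEYS.get(resp["signer"])
    if key is None:
        return False, "signer not authorized"
    expected = hmac.new(key, body_of(resp["cert_id"], resp["status"],
                        resp["this_update"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, resp["signature"]):
        return False, "bad signature"
    if resp["signer"] != expected_signer:
        return False, "signer mismatch"
    if resp["signer"] not in AUTHORIZED_SIGNERS:
        return False, "signer not authorized"
    if not (timedelta(0) <= now - resp["this_update"] <= MAX_AGE):
        return False, "status not recent"
    if resp["cert_id"] != requested_cert_id:
        return False, "certificate mismatch"
    if resp["status"] != "good":  # fail closed on "revoked" and "unknown"
        return False, "status " + resp["status"]
    return True, "good"

if __name__ == "__main__":
    now = datetime(2024, 1, 2, 12, 0, tzinfo=timezone.utc)  # constructed clock
    resp = make_response("responder.example", "serial-1001", "revoked", now - timedelta(hours=1))
    print(check_response(resp, "serial-1001", "responder.example", now))
    resp["status"] = "good"  # status altered after signing
    print(check_response(resp, "serial-1001", "responder.example", now))
```

A response whose status is "unknown" is rejected in the same way as "revoked", so a responder that cannot vouch for the certificate never produces an acceptance.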
The online certificate security protocol was created as an accepted standard format in June 1999, as part of a larger attempt to create a framework surrounding certificate management. The protocol was developed by the Network Working Group, with representatives from VeriSign, CertCo, ValiCert, My CFO and Entrust Technologies.
Each issuer of security certificates has signed acceptance of this protocol and integrates additional functionality into their competing product offerings while maintaining the required infrastructure. It is the cooperation of these competing companies to create and comply with a standard practice that has allowed this industry to gain widespread acceptance.
The online certificate security protocol covers a wide range of topics, including responses allowed by the certificate authenticator, required syntax, standard error message development, filing guidelines, and how to handle considerations about security and appropriate responses.