OCSP Stapling


OCSP Stapling (RFC 6961), formally known as the Transport Layer Security (TLS) Multiple Certificate Status Request Extension, is an alternative approach to the Online Certificate Status Protocol (OCSP) for checking the revocation status of X.509 digital certificates.

OCSP Stapling allows the presenter of a certificate to bear the resource cost involved in providing Online Certificate Status Protocol responses by appending ("stapling") a time-stamped OCSP response signed by the Certificate Authority to the initial TLS Handshake, eliminating the need for clients to contact the Certificate Authority.

RFC 6961 also defines a new method, based on the Online Certificate Status Protocol (OCSP), that servers can use to provide status information about not only the server's own certificate but also the Intermediate Certificates in the Certificate Chain.
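
The per-certificate status list described above, as an added example (not from the original page): a Python parser for the body of the TLS CertificateStatus handshake message that reports which chain positions arrived without a stapled response. The wire layout (one-byte status type, 3-byte length prefixes, a zero-length entry for a certificate with no response) is the RFC 6961 `ocsp_multi` encoding as understood here; the function names and sample bytes are constructed for illustration.

```python
OCSP, OCSP_MULTI = 1, 2  # CertificateStatusType values

def _read_u24(buf: bytes, off: int):
    """Read a 3-byte big-endian length; return (value, new offset)."""
    if off + 3 > len(buf):
        raise ValueError("truncated length field")
    return int.from_bytes(buf[off:off + 3], "big"), off + 3

def parse_certificate_status(body: bytes):
    """Return one entry per chain position (0 = server certificate):
    the raw OCSPResponse bytes, or None where nothing was stapled."""
    if not body:
        raise ValueError("empty CertificateStatus body")
    status_type = body[0]
    length, off = _read_u24(body, 1)
    if off + length != len(body):
        raise ValueError("declared length does not match body size")
    if status_type == OCSP:          # single response for the server cert
        return [body[off:] or None]
    if status_type != OCSP_MULTI:
        raise ValueError(f"unsupported status_type {status_type}")
    responses = []
    while off < len(body):           # ocsp_multi: list of length-prefixed items
        item_len, off = _read_u24(body, off)
        if off + item_len > len(body):
            raise ValueError("response overruns the list")
        responses.append(body[off:off + item_len] or None)
        off += item_len
    return responses

def unstapled_positions(body: bytes):
    """Chain indexes the client must still check by other means."""
    return [i for i, r in enumerate(parse_certificate_status(body)) if r is None]

def _item(data: bytes) -> bytes:
    return len(data).to_bytes(3, "big") + data

# Constructed sample: placeholders stand in for DER OCSP responses.
# Leaf and second intermediate are stapled; first intermediate is empty.
_items = _item(b"LEAF-OCSP") + _item(b"") + _item(b"INTERMEDIATE2-OCSP")
SAMPLE = bytes([OCSP_MULTI]) + _item(_items)

if __name__ == "__main__":
    for pos, resp in enumerate(parse_certificate_status(SAMPLE)):
        print(pos, "stapled" if resp else "no staple", len(resp or b""))
    print("unstapled:", unstapled_positions(SAMPLE))
```

A parsed response still has to be signature-checked and tested against its validity window before it is trusted; this block only covers the framing.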

