
OCSP Protocol
Certificates such as SSL and X.509 certificates are used to secure network traffic. Every certificate has its own life cycle, and in a distributed environment like the internet that life cycle has to be managed. The Online Certificate Status Protocol (OCSP) is used to manage certificate validity and life cycle.
The OCSP standard is defined in RFC 6960 under the title "X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP". It obsoletes the previously defined PKIX certificate control protocol.
OCSP
The Online Certificate Status Protocol (OCSP) enables applications to determine the (revocation) state of identified certificates. OCSP may be used to satisfy some of the operational requirements of providing more timely revocation information than is possible with CRLs and may also be used to obtain additional status information. An OCSP client issues a status request to an OCSP responder and suspends acceptance of the certificates in question until the responder provides a response.
OCSP Request
When we make a request to the OCSP server, the following information must be present in the OCSP request.
- `Protocol Version`
- &