Tag Archives: OCSP

SSL Review: March 2014

March 13, 2014 by Bruce Morton     No Comments

Here is a monthly SSL review of discussions about SSL (and possibly other digital certificates) from the last month. Entrust Identity ON discussed the following: Always-ON SSL Moving to TLS 1.2 Bogus SSL Certificates OCSP Stapling Apple SSL Bug CA Security Council discussed the following: Always-On SSL, Part II Ten Steps to Take If Your [Read More...]

Filed Under: Secure Browsing, SSL, SSL Deployment Tagged With: Apple, OCSP, SSL

OCSP Stapling

February 24, 2014 by Bruce Morton     1 Comment

Digital certificate status is provided by the certificate revocation list (CRL) and online certificate status protocol (OCSP). The CRL is a list of all certificates that have been revoked. If the serial number is not on the list it is assumed to be good. OCSP provides a response for all certificates. In layman’s terms, the [Read More...]

Filed Under: SSL, SSL Deployment Tagged With: OCSP, OCSP stapling, RFC 5019

IETF 86 – Web PKI Working Group

March 22, 2013 by Bruce Morton     No Comments

At the IETF 86 meeting in Orlando last week, there was a working group meeting discussing the operations of the Web PKI. At the previous IETF 85 meeting a birds-of-a-feather was held to discuss the purpose of having such a group.

SSL Certificate Status Checking

March 12, 2013 by Bruce Morton     No Comments

As part of its effort to promote SSL certificate best practices, the CA Security Council (CASC) has offered a couple of blogs on the importance of revocation checking

Certificate Authority Security Council

February 14, 2013 by Bruce Morton     No Comments

Today, the leading global certification authorities (CA) launched the Certificate Authority Security Council (CASC). The CASC is made up of publicly trusted CAs that issue SSL certificate to protect more than 95 percent of the global websites.

Lights Out: Super Bowl and OCSP

February 4, 2013 by Bruce Morton     No Comments

We were monitoring the performance of our OCSP service over the weekend and found an odd dip related to the Super Bowl.

Short-Lived Certificates

August 21, 2012 by Bruce Morton     2 Comments

Certificate revocation is a current SSL industry issue. There are many causes to the problem. Some end-users do not have certificate-revocation checking turned on. Browsers support CRL or OCSP, but in some cases not both. The certification authorities (CA) may not provide reliable revocation responses. And what if there are no revocation responses from a [Read More...]

Digital Certificate Revocation – What the Future Holds

April 19, 2012 by Tim Moses     No Comments

When you tell people that revocation doesn’t work, they tend to look at you incredulously: “You’ve got all these solutions: full CRLs, CRL distribution points, delta-CRLs, indirect CRLs, OCSP, stapled OCSP. Surely one of those will work.” That’s the problem, right there. There are so many protocol and configuration choices that no two products or [Read More...]