Most applications that depend on X.509 certificates need to validate the status of the certificates used when performing authentication, signing, or encryption operations.
This certificate validity and revocation check are performed for all certificates in a certificate chain, up to the root one. If any of the certificates in a chain is invalid, it causes the invalidity of the whole chain.
The following aspects should be checked during the validation:
- The signature of each certificate in a chain is valid;
- The current date and time are within each certificate's expiration date;
- The data of each certificate is not corrupted or malformed.
Additionally, each certificate in a chain should be checked for its revocation status. Either a certificate revocation list (CRL) or Online Certificate Status Protocol (OCSP) response can be used for revocation checking.
An online certificate status protocol (OCSP) is a protocol for maintaining the security of servers and other network resources. It is used in order to get a revocation status of an X.509 digital certificate.
OCSP servers are usually called OCSP responders, as the transmission between them and the client has the request/response nature. Actually, OCSP was created as an alternative for CRL in order to address certain issues regarding the use of CRLs in public key infrastructure (PKI).
OCSP Stapling improves performance by providing a digitally signed and timestamped version of the OCSP response directly on the web server that the client is connecting to. This stapled OCSP response is then refreshed at predefined intervals set by the CA. The stapled OCSP response allows the web server to include the OCSP response within the initial SSL handshake, without the need for the user to make a separate external connection to the CA server.
- Improvement of SSL handshake connection speed by combining two requests into one. It reduces the time of loading an encrypted webpage.
- Maintenance of end-user privacy. Certificate Authorities check OCSP requests rather than web pages the users visited
- Not all browsers or web servers support OCSP Stapling.
If OCSP Stapling is not enabled either on the browser or the web server, it is not used and validity status lookup will be reverted automatically to OCSP checking directly with the Certificate Authority.
Below you may find the list of browsers which support OCSP stapling:
- Opera - version 8.0 and above
- Firefox - enabled by default in version 26 and above
- Internet Explorer - version 7.0 (Windows Vista) and above
- Safari - on Mac OS X 10.7 and above
- Google Chrome - Chrome 9.0.x and above
- Windows Server 2008 - Kerberos client will request OCSP stapling when using PKINIT by default
- NSS (Network Security Services) - included in version 3.15 and above
- The OpenSSL project included support in their 0.9.8g release
- Apache HTTP Server supports OCSP stapling since version 2.3.3
- NGINX web server since version 1.3.7
- LiteSpeed Web Server since version 4.2.4
- Microsoft's IIS since Windows Server 2008
OCSP stapling setup and test
The instructions on how to configure OCSP Stapling can be found below:
If you would like to check the OCSP status, the following OpenSSL command with -status flag should be used:
openssl s_client -connect example.com:443 -status