Learn how to configure the Online Certificate Status Protocol (OCSP) service in EJBCA.
The OCSP service checks the certificate status using the serial number, and the service replies with a digitally signed response that contains the certificate status. An OCSP response contains one of three values: good, revoked, or unknown. OCSP responses are smaller than CRL files and are suitable for devices with limited memory. The OCSP protocol is mainly defined in RFC 6960 and RFC 5019.
EJBCA also supports another method to convey information about revoked certificates: Certificate Revocation Lists (CRLs).
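The three OCSP status values described above, as an added example that is not part of the original tutorial: a small shell helper that interprets the output of the `openssl ocsp` client and never treats anything other than a verified `good` as valid. The function names, file names and sample output are constructed for illustration; the responder URL is whatever your Certificate Profile or CA settings publish.

```shell
#!/usr/bin/env bash
# Added example (not from the tutorial): interpret `openssl ocsp` output.
# Function names are hypothetical.

# Reads the combined stdout+stderr of `openssl ocsp` on stdin and prints one of:
#   good | revoked | unknown | untrusted
ocsp_verdict() {
  local out status
  out=$(cat)
  # The status is only meaningful if the response signature verified.
  if ! printf '%s\n' "$out" | grep -q '^Response verify OK'; then
    echo untrusted
    return 0
  fi
  # openssl prints "<cert file>: <status>" for the certificate queried.
  status=$(printf '%s\n' "$out" | sed -nE 's/^.*: (good|revoked|unknown)$/\1/p' | head -n 1)
  # No recognisable status line: treat it like "unknown", never like "good".
  echo "${status:-unknown}"
}

# Query a responder. Assumption: $1 is the issuing CA certificate and also the
# trust anchor for the response signature; $2 is the certificate to check;
# $3 is the OCSP URL of your responder.
ocsp_check() {
  openssl ocsp -issuer "$1" -cert "$2" -url "$3" -CAfile "$1" 2>&1 | ocsp_verdict
}

# Constructed sample output (not captured from a real responder).
sample_good() {
  printf 'Response verify OK\nuser.pem: good\n\tThis Update: Jan  1 00:00:00 2024 GMT\n'
}
sample_revoked() {
  printf 'Response verify OK\nuser.pem: revoked\n\tThis Update: Jan  1 00:00:00 2024 GMT\n\tRevocation Time: Dec 31 12:00:00 2023 GMT\n'
}
sample_unsigned() {
  printf 'Response Verify Failure\nuser.pem: good\n'
}
```

A relying party would accept the certificate only when `ocsp_check` prints `good`; `unknown` and `untrusted` are handled the same way as `revoked`.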
In this tutorial video, you will learn how to quickly get started with OCSP in EJBCA without configuring an external signer service. We will look at how to set up EJBCA as an external OCSP service (Validation Authority) and how to configure the OCSP URL in the Certificate Profile and certificate authority (CA) settings.
Prerequisite: a running EJBCA instance that is accessible via the CA UI.
Note: This tutorial uses EJBCA CE 8.1 beta.
Check out the supplementary EJBCA and OCSP documentation.
Get your hands on the EJBCA Docker container by downloading it now.
Take a peek at our tutorial video on YouTube, and browse through some of our other videos as well.
You can ask your questions and learn from PKI specialists in the EJBCA forum on GitHub Discussions.