The OCSP responder uses the certificate serial number to look up the revocation status of Alice's certificate. The OCSP responder looks in a CA database that Carol maintains. In this scenario, Carol's CA database is the only trusted location where a compromise to Alice's certificate would be recorded. Carol's OCSP responder confirms that Alice's certificate is still OK, and returns a signed, successful 'OCSP response' to Bob. Bob cryptographically verifies Carol's signed response. Bob has stored Carol's public key sometime before this transaction. Bob uses Carol's public key to verify Carol's response. Bob completes the transaction with Alice.

An OCSP responder (a server typically run by the certificate issuer) may return a signed response signifying that the certificate specified in the request is 'good', 'revoked', or 'unknown'. If it cannot process the request, it may return an error code. The OCSP request format supports additional extensions.