OCSP Services - LDAP


What is OCSP?

Online certificate status protocol: verification at source

The OCSP service allows determining the validity status of a certificate by consulting the trusted servers (OCSP Responder) of the Validation Authority.

When a query is made by URL, a digital evidence signed by ANF AC about the validity of a certificate at a given time is obtained as a response. ANF AC also stores and keeps a copy of each response generated.

The repositories accessed by the OCSP Responder servers are permanently updated, and comply with the IETF document RFC 6960 ("Online Certificate Status Protocol Algorithm Agility").

The link to the OCSP service is listed in the certificate of interest itself.

Programming libraries

Microsoft CryptoAPI:

Microsoft's cryptographic libraries include OCSP protocol support by default in its .NET platform: http://msdn.microsoft.com/en-us/library/aa380253 (VS.85).aspx

OpenSSL (http://www.openssl.org):

This is an extension of the OpenSSL cryptographic library that implements the OCSP protocol in C language.


For example, a query performed through OpenSSL would have the following syntax:

OpenSSL ocsp -CAfile issuer cert url

The field must be the one indicated in the "Authority Information Access" field of the certificate.

For more information consult the ANF AC Validation Policy


LDAP service


The Lightweight Directory Access Protocol (LDAP) provides a standardized method for storing certificates and CRL lists of revoked certificates.

The current version, LDAPv3 is detailed in the Internet Engineering Task Force (IETF)RFC 4510

This directory system is offered to Registration Authorities and users, and can be consulted from a browser or software enabled for this purpose (LDAP browser), through the address ldap://ldap.anf.es.


Conviértete en PARTNER