OpenTrust OCSP
OpenTrust OCSP is used to obtain the real-time revocation status of digital certificates.
Benefits
  • Real-time verification of the validity of X.509 certificates
  • A low TCO solution, widely adopted throughout the market
  • Native integration into the information system
  • Performance-optimized architecture
  • Integrated support for multiple certification authorities
  • Native integration with OpenTrust’s PKI
  • Compatible with most leading PKIs
  • Modular and flexible architecture for easy operations
Overview

In an environment of trust, it is of the utmost importance to verify the validity of each digital certificate. As a general rule, two communicating parties with certificates issued by the same certification authority (CA) can check the validity of the other party’s certificate either by using the CRL (Certificate Revocation List) mechanism or by sending an OCSP request.

There are, however, certain drawbacks to downloading the CRL in order to verify a certificate’s status, notably clogged bandwidth and latency due to the potentially large size of the CRL.

The OCSP protocol is specified in RFC 2560 (X.509 Internet Public Key Infrastructure Online Certificate Status Protocol – OCSP) and is carried over HTTP. The certificate status check is performed synchronously: a request containing the certificate to check is sent to the OCSP server, which returns the current status of the certificate in an electronically signed message.
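The exchange described above, as an added example that is not OpenTrust code: it DER-encodes an RFC 2560 request, in which the certificate is named by a CertID (SHA-1 of the issuer name and key, plus the serial number), and reads the outer status of a response. The function names and all sample inputs are constructed for illustration.

```python
import hashlib

def der(tag: int, body: bytes) -> bytes:
    """Encode one DER TLV with a definite length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def der_int(value: int) -> bytes:
    """DER INTEGER for a non-negative serial; the spare bit keeps it positive."""
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

# AlgorithmIdentifier for SHA-1 (OID 1.3.14.3.2.26, NULL parameters)
SHA1_ALG = der(0x30, bytes.fromhex("06052b0e03021a") + b"\x05\x00")

def build_ocsp_request(issuer_name_der: bytes, issuer_key: bytes, serial: int) -> bytes:
    """Unsigned OCSPRequest with one CertID, to be sent as the body of an
    HTTP POST with Content-Type: application/ocsp-request."""
    cert_id = der(0x30, SHA1_ALG
                  + der(0x04, hashlib.sha1(issuer_name_der).digest())
                  + der(0x04, hashlib.sha1(issuer_key).digest())
                  + der_int(serial))
    request_list = der(0x30, der(0x30, cert_id))   # SEQUENCE OF Request
    return der(0x30, der(0x30, request_list))      # OCSPRequest { TBSRequest }

STATUS = {0: "successful", 1: "malformedRequest", 2: "internalError",
          3: "tryLater", 5: "sigRequired", 6: "unauthorized"}

def read_tlv(buf: bytes) -> tuple[int, bytes]:
    """Return (tag, value) of the first DER element, rejecting truncation."""
    if len(buf) < 2:
        raise ValueError("truncated DER")
    tag, length, pos = buf[0], buf[1], 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[2:2 + n], "big"), 2 + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length]

def response_status(resp: bytes) -> str:
    """Outer status of an OCSPResponse. Only 'successful' carries signed
    responseBytes; error statuses are unsigned and say nothing about the cert."""
    tag, body = read_tlv(resp)
    if tag != 0x30:
        raise ValueError("not an OCSPResponse")
    tag, val = read_tlv(body)
    if tag != 0x0A or len(val) != 1:
        raise ValueError("missing responseStatus")
    return STATUS.get(val[0], "unknown")
```

A relying party should treat any status other than `successful` as "status unknown" rather than as a valid certificate, and must still verify the responder's signature on a successful response before trusting it.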

OpenTrust OCSP provides instant certificate status verification and hence eliminates all problems encountered by most large organizations when using CRLs. OpenTrust OCSP can be used with a Hardware Security Module (HSM) upon which the OCSP signing keys are securely stored.

OpenTrust OCSP’s modular architecture has been designed to optimize both performance and scalability. What’s more, OpenTrust OCSP can verify certificates issued by more than one CA for an efficient, pooled validation service.

Highlights
  • Support for multiple certification authorities
  • Third-party PKI support
  • Strong authentication via Web-based administration console
  • Approximately 1000 requests per second and per server (for a typical environment)
  • Web 2.0 administration interface


Main Technical Characteristics
  • High availability of the trust architecture
  • HSM support (Utimaco, Thales nCipher, Bull, etc.)
  • Native integration into Microsoft environment (Vista/7/2008 and later)
  • RFC 2560 compliant