
quiz vs the machine



Certificate Revocation and OCSP

Telling clients a certificate is no longer trustworthy.

6 min read · advanced

When a Certificate Goes Bad

A certificate is valid until its expiry, but a key may be stolen or issued in error before then. Revocation is how an authority declares a certificate untrustworthy ahead of expiry, and clients must be able to learn about it.

Two Mechanisms

There are two classic ways to publish revocation status.

  • A certificate revocation list is a signed list of revoked serial numbers a client downloads.
  • The online certificate status protocol lets a client ask about one certificate and get a fresh signed answer.

The status protocol avoids downloading a large list, but it adds a network request to each connection and reveals to the responder which sites a user visits.

OCSP Stapling

To remove the privacy and latency cost, stapling has the server fetch its own status proof and attach it to the handshake. The client gets a recent, signed status without contacting the authority itself.

  • The server queries the responder periodically.
  • It staples the signed response into the TLS handshake.
  • The client trusts the stapled proof because it is signed and timestamped.

The Soft Fail Problem

Many clients treat an unreachable responder as acceptable, a soft fail that an attacker can exploit by blocking the check. This weakness pushes the industry toward short-lived certificates, which limit how long a compromised certificate stays usable.
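The stapling steps and the soft-fail decision above, as an added example that is not code from the original lesson: a responder signs a timestamped status, the server would staple it, and the client validates what it received. HMAC under a constructed key stands in for the responder's real RSA/ECDSA signature, and the serial numbers and dates are constructed sample data.

```python
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone

# Constructed responder key: HMAC stands in for the RSA/ECDSA signature a real
# OCSP responder makes with its own certificate. All values below are sample data.
RESPONDER_KEY = b"constructed-responder-key"
SKEW = timedelta(minutes=5)  # tolerated clock difference between client and responder

def _digest(body: dict) -> str:
    return hmac.new(RESPONDER_KEY, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()

def sign_status(serial: str, status: str, this_update: datetime, hours_valid: int = 24) -> dict:
    """Responder side: a signed, timestamped status for one serial number.
    The server fetches this periodically and staples it into the handshake."""
    body = {"serial": serial, "status": status,
            "this_update": this_update.isoformat(),
            "next_update": (this_update + timedelta(hours=hours_valid)).isoformat()}
    return {**body, "sig": _digest(body)}

def accept_certificate(serial: str, staple, now: datetime, policy: str = "hard") -> bool:
    """Client side. Returns True when the certificate may be used.
    policy="soft" models clients that accept when no status is available."""
    if staple is None:
        # Nothing stapled and (in this model) the responder cannot be reached.
        # Soft fail accepts here, which is what blocking the check buys an attacker.
        return policy == "soft"
    body = {k: v for k, v in staple.items() if k != "sig"}
    if not hmac.compare_digest(_digest(body), staple.get("sig", "")):
        return False                      # forged or tampered staple
    if body["serial"] != serial:
        return False                      # genuine staple, but for another certificate
    this_update = datetime.fromisoformat(body["this_update"])
    next_update = datetime.fromisoformat(body["next_update"])
    if now + SKEW < this_update or now - SKEW > next_update:
        return False                      # replayed old staple, or one dated in the future
    return body["status"] == "good"       # "revoked" and "unknown" both fail

def scenarios() -> dict:
    """Constructed handshakes showing which check catches which failure."""
    t0 = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)
    now = t0 + timedelta(hours=1)
    good = sign_status("1A2B", "good", t0)
    revoked = sign_status("1A2B", "revoked", t0)
    stale = sign_status("1A2B", "good", t0 - timedelta(days=10))
    tampered = {**revoked, "status": "good"}  # status edited after signing
    return {"fresh_good": accept_certificate("1A2B", good, now),
            "revoked": accept_certificate("1A2B", revoked, now),
            "stale": accept_certificate("1A2B", stale, now),
            "tampered": accept_certificate("1A2B", tampered, now),
            "wrong_serial": accept_certificate("FFFF", good, now),
            "missing_hard": accept_certificate("1A2B", None, now, policy="hard"),
            "missing_soft": accept_certificate("1A2B", None, now, policy="soft")}
```

Only the soft-fail client accepts the handshake with no status at all; every other rejection comes from a check that a stapled proof must pass regardless of policy.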

Key idea

Revocation lets an authority distrust a certificate early, the status protocol checks one certificate at a time, stapling delivers a fresh signed proof in the handshake, and soft-fail behavior drives the move to short-lived certificates.

Check yourself


1. What advantage does the online status protocol have over a revocation list?

2. What does OCSP stapling let the server do?

3. Why is soft fail a weakness?