Online Certificate Status Protocol (OCSP)
To use digital certificates safely, it is vitally important that they are carefully checked for validity. This check can be done using a CRL or OCSP.
How does OCSP work?
OCSP (Online Certificate Status Protocol) is based on HTTP. A certificate status check using OCSP is executed synchronously: a request to check a certificate is sent to the OCSP server, which responds with the current status of the certificate in an electronically signed message. OCSP information is distributed via online responders.
OCSP or CRL
A Certificate Revocation List (CRL) is a complete list containing revoked certificates from a specific Certificate Authority (CA). The list is updated periodically and has to be downloaded after being updated, which means that by the time the check can be made, the information on the list might be outdated. OCSP provides real-time status information on the validity of a single certificate, and is capable of providing that information from different CAs.