OCSP - Service

Online Certificate Status Protocol (OCSP) consultation

ANF AC Malta Ltd (ANF AC) is a Qualified Trust Service Provider (QSTP), duly registered with the Registry of Companies in Malta with registration number C75870 and VAT number MT 23399415.

The OCSP service can determine the validity status of a certificate by consulting trusted servers of the Validation Authority (OCSP Responder). When performing a query by URL, digital evidence signed by ANF AC is obtained, regarding the validity of a certificate at a given time. ANF AC also stores and custodies a copy of each response generated. The consultation of the OCSP must be made using the POST method.

The repositories accessed by the OCSP Responder servers are constantly updated and in compliance with the RFC 6960 ( "Online Certificate Status Protocol Algorithm Agility") of the IETF.
The link to the OCSP service appears outlined in the certificate of interest.

There are multiple libraries based on different programming languages, the most common are:

• CryptoAPI Microsoft: The Microsoft Cryptographic libraries include default OCSP protocol support in its .NET platform: http://msdn.microsoft.com/en-us/library/aa380253(VS.85).aspx

• BouncyCastle (http://www.bouncycastle.org) and Novosec Extensions (http://sourceforge.net/projects/novosec-bc-ext): Set of cryptographic libraries that implement the OCSP protocol in the Java language and C #

• OpenSSL (http://www.openssl.org): It is an extension of the OpenSSL cryptographic library that implements the OCSP protocol in C language.

• Adobe Reader: The latest versions allow validation of certificates included in PDF documents.

For example, a query made through OpenSSL would have the following syntax:

OpenSSL ocsp -CAfile issuer cert url

The field shall be indicated in the "Authority Information Access" field of the certificate.

Contact Us