Revocation Check - OCSP

Certificate authorities use the Online Certificate Status Protocol (OCSP) to obtain the revocation status of X.509 digital certificates. When a user requests the validity of a certificate, an OCSP request for that certificate is sent to the OCSP server of a trusted certificate authority (CA). The request uses either an HTTP POST with a DER-encoded request body or an HTTP GET with a URL-safe Base64-encoded request path. The CA responds with one of the following certificate status values: good, revoked, or unknown.

The client can submit the certificate status request to the CA

AppViewX OCSP Responder now supports both HTTP GET and POST methods in compliance with RFC 6960, ensuring interoperability with platforms such as Azure Application Gateway, which exclusively uses HTTP GET.
Note: No configuration changes are required to enable HTTP GET support; it is automatically supported alongside HTTP POST on the same /ocsp endpoint.
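
The two transport encodings described above, as an added example that is not AppViewX code: it builds one DER OCSPRequest with the Python standard library and wraps it as a GET (base64 of the DER, then percent-encoded, per RFC 6960 Appendix A.1) and as a POST to the same /ocsp endpoint. The host ocsp.example.test, the issuer bytes and the serial number are constructed, a SHA-1 CertID hash is assumed, and nothing is sent over the network.

```python
import base64
import hashlib
import urllib.parse
import urllib.request

# AlgorithmIdentifier for SHA-1 with NULL parameters (assumed CertID hash).
SHA1_ALG_ID = bytes.fromhex("300906052b0e03021a0500")


def der(tag, content):
    """Encode one DER TLV with a definite length."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + content


def build_ocsp_request(issuer_name_der, issuer_key_bits, serial):
    """DER OCSPRequest holding one CertID (RFC 6960, section 4.1.1)."""
    # Non-negative INTEGER: the extra leading byte keeps the sign bit clear.
    serial_der = der(0x02, serial.to_bytes(serial.bit_length() // 8 + 1, "big"))
    body = der(0x30, SHA1_ALG_ID
               + der(0x04, hashlib.sha1(issuer_name_der).digest())
               + der(0x04, hashlib.sha1(issuer_key_bits).digest())
               + serial_der)
    # Wrap the CertID: Request -> requestList -> TBSRequest -> OCSPRequest.
    for _ in range(4):
        body = der(0x30, body)
    return body


def as_get(base_url, req):
    """GET: base64 of the DER, then percent-encoded (RFC 6960, appendix A.1)."""
    path = urllib.parse.quote(base64.b64encode(req).decode("ascii"), safe="")
    return urllib.request.Request(base_url.rstrip("/") + "/" + path, method="GET")


def as_post(base_url, req):
    """POST: raw DER body with the OCSP media type."""
    return urllib.request.Request(
        base_url, data=req, method="POST",
        headers={"Content-Type": "application/ocsp-request"})


# Constructed sample values; ocsp.example.test is a placeholder host.
URL = "http://ocsp.example.test/ocsp"
REQ = build_ocsp_request(b"constructed issuer name", b"constructed key bits", 0x1000)
print(as_get(URL, REQ).full_url)
```

RFC 6960 intends GET for small requests (less than 255 bytes after encoding) so that responses can be cached; larger requests should go by POST.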
Prerequisites
  • The AppViewX OCSP server URL must be published as the OCSP URL in the AIA field of the certificate.
  • Plugins required: the OCSP Server and OCSP Generator plugins must be deployed for OCSP to work.

You can then select one or more certificates from the inventory and click Actions > Revocation Check to perform revocation validation. Once validated, the certificate status is shown by the color code of the Common Name column.