GlobalTrustFinder: Online OCSP ( RFC 2560) checking service

About this Service | Partners | Support | FAQs | Contact us

Home

Signature
Creation

Signature
Verification

Certificate
Validation

Time Stamp
Issuance

Certificate
Issuance

Trusted
Archiving

Secure
Email

Back to Demo

How it works

Technical Details

Signing Demos

Verification Demos

Validation Demos

OCSP Demos

Certificate Demo

Timestamp Demos

Secure Email Demos

Certificate Issuance

Request access to
evaluation software

Contact me

Welcome to the OCSP Certificate Revocation Checking Service

Online Certificate Status Checking (OCSP)

Technical Summary:

	ADSS Server is a J2EE application offering multi-function eTrust services, including digital signing, signature verification, long-term archiving, OCSP certificate validation, Time-stamping, certificate issuance, etc.
	This web application uses a standard OCSP request to determine the revocation status of the target certificate. The OCSP response is then displayed in the result page.

System Requirements:

	The following is required to run this demo:
	Standard internet browser only

Interoperability Testing Service:

You can directly test your OCSP client applications against the GlobalTrustFinder OCSP Service.

The service is located on the following address:

URL = http://ocsp.globaltrustfinder.com

Registered CAs:

The GlobalTrustFinder OCSP server provides certificate status services for a range of CAs, as listed here. If you wish to add your CA please email support@globaltrustfinder.com.

OCSP Request Handling:

An OCSP request sent to the GlobalTrustFinder OCSP service may contain an optional “nonce” extension. In this case the OCSP service will return the same “nonce” in the OCSP response message.

An OCSP request may contain multiple “certIDs” in case validation of multiple certificates in a single OCSP request is required. The limit on number of CertIDs in a single request is 5.

OCSP requests may optionally be signed.

OCSP Response Processing:

OCSP responses will be signed by the GlobalTrustFinder OCSP service using the RSA/SHA1 algorithm. The certificate used to verify the OCSP responses has a common name of “GlobalTrustFinder OCSP Service” and its full certificate chain is available here.

Your OCSP client applications must trust this certificate in order to verify the signature on the OCSP responses correctly.

Test Certificates:

A “good” (i.e. valid) test certificate and a “revoked” (i.e. invalid) test certificate are available for your testing purposes. Alternatively you may use any certificate from the registered CAs.