OCSP Checker

Check whether a domain's SSL certificate has been revoked by its Certificate Authority - queries the CA's OCSP responder directly.

Check OCSP Revocation Status

Enter a domain to query its certificate revocation status via OCSP

Try:

Querying OCSP responder for

Status
-
Certificate Details
Common Name
-
Issued by
-
Expires
-
Serial Number
-
OCSP Responder
-
OCSP Status
-

What is OCSP?

OCSP (Online Certificate Status Protocol) is a real-time mechanism for checking whether an SSL certificate has been revoked by its Certificate Authority. Unlike the older CRL (Certificate Revocation List) approach, OCSP provides immediate status without downloading large revocation lists.

Why Revocation Matters

When a private key is compromised, or a cert is misissued, the CA revokes it. Browsers and clients should refuse to trust revoked certificates.

Real-Time Check

OCSP queries the CA's responder directly and returns a signed response: Good (valid), Revoked, or Unknown.

OCSP Stapling

With OCSP stapling, the web server caches and delivers the OCSP response directly — improving privacy and performance over standard OCSP.

Soft-Fail Behaviour

Most browsers use soft-fail: if the OCSP responder is unreachable, the certificate is still accepted. Only hard-fail or OCSP stapling with must-staple closes this gap.

Need a Free SSL Certificate?

Generate a trusted SSL certificate powered by Let's Encrypt - completely free.