Check OCSP Revocation Status
Enter a domain to query its certificate revocation status via OCSP
Querying OCSP responder for …
- Common Name
- -
- Issued by
- -
- Expires
- -
- Serial Number
-- OCSP Responder
- -
- OCSP Status
- -
What is OCSP?
OCSP (Online Certificate Status Protocol) is a real-time mechanism for checking whether an SSL certificate has been revoked by its Certificate Authority. Unlike the older CRL (Certificate Revocation List) approach, OCSP provides immediate status without downloading large revocation lists.
Why Revocation Matters
When a private key is compromised, or a cert is misissued, the CA revokes it. Browsers and clients should refuse to trust revoked certificates.
Real-Time Check
OCSP queries the CA's responder directly and returns a signed response: Good (valid), Revoked, or Unknown.
OCSP Stapling
With OCSP stapling, the web server caches and delivers the OCSP response directly — improving privacy and performance over standard OCSP.
Soft-Fail Behaviour
Most browsers use soft-fail: if the OCSP responder is unreachable, the certificate is still accepted. Only hard-fail or OCSP stapling with must-staple closes this gap.
Need a Free SSL Certificate?
Generate a trusted SSL certificate powered by Let's Encrypt - completely free.