OCSP Validation Server

OCSP is a protocol for checking the current validity status of an X.509 certificate online. Keyon’s OCSP Validation Server offers extensive functionalities for demanding environments.

Real-time status check of X.509 certificates

Validity depends on the integrity of the certificate, its period of validity and its revocation status. It can be determined on the basis of a static certificate revocation list (CRL) or in real time using the OCSP protocol. Keyon’s OCSP Server is a scalable high-performance server that can be integrated directly into the relevant CA database and securely transmits the requested certificate status to the clients on the basis of a set of rules.





      Scalable and high-performance solution

      Handles large numbers of OCSP status requests in an Enterprise and IoT environment.

      Compliance with CA/Browser Forum Baseline Requirements

      Meets the high standards of the CA/Browser Forum

      Web-based administration

      Role-based, intuitive GUI for administration and reporting

      OCSP Validation Server

      OCSP is a protocol for on-line checking of the current validity status of an X.509 certificate. The OCSP Validation Server from Keyon offers extensive functionality for demanding environments.

      With the status inquiry via OCSP it can be determined whether a certificate is still valid or blocked. Compared to the status inquiry through certificate revocation lists (CRL), OCSP allows a simple and most notably a timely accurate status check. This is particularly important for transactions where great emphasis is placed on confidentiality, integrity and authenticity. The OSCP has been specified and standardized by the IETF (RFC 6960). From Windows Vista onwards, OCSP is the preferred protocol for querying the status of certificates.

      • Real time status check of X.509 certificates
      • Simple installation and administration
      • High-performance solution through integrated cache
      • Role based administration via a web-based GUI
      • The certificate status is determined on the basis of certificate revocation lists (CRL) or database entries
      swiss it security


      With the OCSP Validation Server from Keyon, a database for each CA can be configured and queried, whether the tested serial number of a certificate exists in the database. With this feature, the high requirements of the CA / Browser Forum Baseline Compliance are met in connection with “OCSP Response for non‐issued certificates”.

      Administration is performed through a web interface with certificate-based authentication. Any number of users can be assigned to configurable groups with finely differentiated rights.

      The Validation Server from Keyon supports any number of file, AD, LDAP or HTTP(S) status codes from various internal or external CA’s. Multistage certificate hierarchies and cross certificates are also supported. All common X.509 extensions are interpreted. The key for signing OCSP responses can be stored in a HSM or a soft token.

      A plugin API allows the development of your own plugins for the determination of status information and the embedding of extensions in the OCSP responses (e.g. SCT Certificate Transparency).

      Using a HSM, hundreds of OCSP requests can be answered per second. An integration in load balancing or cluster systems ensures high availability and performance. All current status information is stored in a cache, so that in the event of a restart it is immediately available as base for the validation of information and independent of other components.

      Request now

      Submit your email address and we will get in touch with you shortly

      Are you interested in our solution?


      Submit your email address  and receive more information about our OCSP Validation Server solution.

      Vendors & Certifications

      Pioneering products and solutions from the world’s leading vendors

      Swiss IT Security Logo
      Swiss IT Security Logo

      Swiss IT Security AG

      Swiss IT Security AG, a member of the internationally active Swiss IT Security Group, is a service provider in the field of information, system, application and network security. As a passionate IT security service provider and system integrator, Swiss IT Security AG offers its customers coordinated solutions and consulting services for IT security in the corporate environment.

      We also provide

      Pioneering products and solutions from the world’s leading vendors


      Thank you for your interest!

      You can download the product sheet by clicking the button below.