Digital Certificate Validation (OCSP) Profile

Title: Digital Certificate Validation (OCSP) Profile

Description: The Digital Certificate Validation (OCSP) Profile provides standards and guidance in support of a digital certificate validation based on OCSP.

Reference document

Org: FMN

Pubnum

Date: 2023-10-16

Version

Title: FMN Spiral 5 Specification

Taxonomy

Digital Certificate Services

Standards

Obligation: MANDATORY, Lifecycle: CURRENT

The Online Certificate Status Protocol (OCSP) capability is mandatory for PKI Service providers. Clients might support this protocol.

X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP (RFC 6960:2013)

Guidance

The addresses of OCSP endpoints shall be provided in digital certificates through Authority Information Access (AIA) extension.

Further mandatory guidance on the implementation and usage of OCSP Signing Certificates is provided in the AC/322-N(2020)0077 iTIF Certificate Profiles Version 1.2.2, with the following allowed deviations

all applications and clients using OCSP responses should support responses signed with a certificate that has the Non-Repudiation bit set, especially in the case of signature-only certificates (where only this bit is set in KeyUsage).

Status

URI

History

Flag	Date	RFC	Version
added	2023-12-01	15-023	15

UUID: c81ff861-adf6-4e80-b9cb-bd8090dde8c6

Utilization

This profile is used by the following profiles:

Infrastructure Security Standards Profiles - (profile)