Validate Certificates

Validate certificates. Check if a certificate expired or not, and more.



Raidiam Connect enables organisations to validate server (organisation) and client (application) certificates using Online Certificate Status Protocol (OCSP).

Within your organisation's application code, you can validate certificates with OCSP using popular libraries and tools of your choice, for example OpenSSL or its alternatives.

Validate Certificate Using OCSP

Online Certificate Status Protocol (OCSP) is a protocol used in Public Key Infrastructure to check the revocation status of digital certificates in real time. When a client, such as an organisation's client application, needs to verify another organisation's server certificate, it sends an OCSP request to an OCSP responder. The responder then checks the certificate's status and replies with one of three responses: good, revoked, or unknown. This process ensures that certificates used in secure communications are still valid and haven't been revoked by Raidiam's Certificate Authority (CA) or by an organisation itself.

1. Upon receiving a server/client certificate, create an OCSP request that contains the received certificate's serial number.

2. Send the prepared request to Raidiam's OCSP URI.

If you want to test it manually, you can download one of your certificates and execute the following command in your terminal to get the OCSP URI:

Sample Command to Get OCSP URI


For quick manual testing, you can use platforms like Red Kestrel to decode certificates and get the OCSP URI and other information about the certificate.

Raidiam's OCSP responder (Certificate Validation Service) reads the certificate serial number from your request and uses it to look up the revocation status of the provided certificate. This is how the OCSP responder validates the certificate.

In this scenario, Raidiam's Certificate Validation Service is the only trusted location where a compromise to the provided certificate would be recorded.

Raidiam's Certificate Validation Service returns a successful OCSP response signed with Raidiam Connect's private key, so that you can verify it with the corresponding public key.

3. Using Raidiam's public key, cryptographically verify the OCSP response you received.
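The three steps above, end to end, as an added example (not Raidiam's code): it runs offline against a constructed throwaway CA, with a local `openssl ocsp -index` call standing in for Raidiam's Certificate Validation Service. All file names, subjects, the serial and the `ocsp.example.test` URI are constructed; against the real service you would send the request with `-url` to the URI read from the certificate and verify against Raidiam's CA certificate.

```shell
#!/bin/sh
# Added example, not Raidiam's code. A constructed throwaway CA and a local
# `openssl ocsp -index` call stand in for the real CA and OCSP responder.
set -eu

# ocsp_demo V|R : V = valid, R = revoked entry in the responder's database.
# Prints the status the client accepts (good|revoked) after verification.
ocsp_demo() (
  state=$1; rev=""
  if [ "$state" = R ]; then rev=240101000000Z; fi   # constructed revocation time
  dir=$(mktemp -d); trap 'rm -rf "$dir"' EXIT; cd "$dir"

  # Constructed CA and leaf; the leaf carries an OCSP URI in its AIA extension.
  openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
    -subj "/CN=Demo CA" -days 2 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -keyout leaf.key -out leaf.csr \
    -subj "/CN=demo-app" 2>/dev/null
  echo "authorityInfoAccess=OCSP;URI:http://ocsp.example.test/" > ext.cnf
  openssl x509 -req -in leaf.csr -CA ca.pem -CAkey ca.key -set_serial 0x1001 \
    -days 1 -extfile ext.cnf -out leaf.pem 2>/dev/null
  # Responder database: status, expiry, revocation time, serial, file, subject.
  printf '%s\t491231235959Z\t%s\t1001\tunknown\t/CN=demo-app\n' \
    "$state" "$rev" > index.txt

  # Read the OCSP URI from the certificate; a live check would pass it as -url.
  echo "OCSP URI: $(openssl x509 -in leaf.pem -noout -ocsp_uri)" >&2
  # Step 1: build a request that identifies the certificate by issuer and serial.
  openssl ocsp -issuer ca.pem -cert leaf.pem -no_nonce -reqout req.der
  # Step 2 (stand-in responder): look up the serial and sign a response.
  openssl ocsp -index index.txt -CA ca.pem -rsigner ca.pem -rkey ca.key \
    -reqin req.der -respout resp.der 2>/dev/null
  # Step 3: verify the response signature against the trusted CA certificate.
  out=$(openssl ocsp -respin resp.der -issuer ca.pem -cert leaf.pem \
    -CAfile ca.pem -no_nonce 2>&1) || true
  # Accept the status line only if the signature check passed.
  printf '%s\n' "$out" | grep -q '^Response verify OK' || { echo unverified; exit 1; }
  printf '%s\n' "$out" | sed -n 's/^leaf\.pem: \([a-z]*\).*/\1/p'
)

echo "valid entry   -> $(ocsp_demo V)"
echo "revoked entry -> $(ocsp_demo R)"
```

`openssl ocsp` prints the status line even when signature verification fails, so the check for `Response verify OK` is what makes step 3 meaningful.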
