Home

Microsec

MicroOCSP daemon

Microsec online certificate status protocol daemon is an RFC 6960 OCSP server to provide online status information about certificates issued by any (unlimited) number of CA-s. The MicroOCSP daemon application is a native code software therefore it has better response performance than Java-based OCSP solutions. The MicroOCSP daemon is part of the MicroCA application but it is also available as a separate product.

Applied standards

  • RFC 2560
  • RFC 6960

Supported key stores (engines)

  • Any OpenSSL supported HSM (suggested: nCipher Solo)
  • Software based (pem files)

Main characteristics

  • Scalable performance
  • It provides operator card support at system launch when keys are stored in HSM (K of N)
  • Authorized and Trusted modes (simultaneously)
  • HTTP communication protocol (suggested to put behind web proxy)
  • Supported hash algorithms to sign OCSP answers: SHA-1 (not recommended), SHA256, SHA384 and SHA512
  • Supported signature algorithms: RSA: 1024 (not recommended), 2048, 3072 and 4096 bits and ECC: NIST-P256
  • OCSP certificate database: Based on MicroCA application database (It provides “unknown” answer about certificates, that are not found in the database but issued by the CA.), OpenSSL index.txt database file, Integration to other CA databases (based on OpenLDAP DB) (optional), It supports any CA application, that based on action triggered CRL publication (not recommended by CA/Browser Forum baseline requirements)
  • CRL and OpenSSL index.txt loading: Via HTTP url and from local file system
  • Short-term certificates: It supports short-term OCSP certificates (even 10 minutes expiration), Microsec CA certificates and interactive figure to demonstrate short-term certificates: https://e-szigno.hu/en/pki-services/ca-certificates.html
  • Automatic reload of CRLs, OCSP response certificates, OpenSSL index.txt database files
  • Multi CA support
  • Running mode: daemon
  • The number of processes can be configured
  • Archive Cutoff support, different mode for each CA (next update, accepted digest and response algorithms)

Suggested platforms

  • Linux (e.g. SUSE SLES 10, 11)
  • CentOS 6.5+
  • Red Hat 6.5+

Ask for More Information

Scroll to Top