All electronic signature certificates come with an expiration date. And if lost or stolen, the certificate will have been suspended and/or revoked; this can occur at the time of signing or later.
For this reason, Izenpe offers a safe and easy online system whereby through OCSP (Online Certificate Status Protocol) and connection to the Izenpe server, you can verify the validity of certificates and the status of the certificates used in your applications.
For each certificate involved in a transaction, the application will send a certificate verification request to the certificate validation server. You will then be sent a signed response indicating current status.
OCSP offers a number of advantages over validation based on Certiﬁcate Revocation Lists (CRL):
It eliminates the need to periodically circulate bulky and not fully up-to-date CRLs.
The validity of transactions can be verified at a later date if the signed responses are stored, without the need to keep all of the CRLs on file.
OCSP does not exclude the use of CRLs; the two systems can complement each other. Since OCSP validation means that the validation server must always be available, certificate validation using CRLs can be maintained as an alternative mechanism.