Verifying a Certificate's Validity on Your Computer
When an application receives digitally signed or secured content from the Internet, such as HTTPS-secured websites or signed software, it must verify that the certificate used to secure the content, such as an SSL or code signing certificate, is valid.
Applications, such as Web browsers and operating systems, validate certificates using Certification Revocation Lists or the Online Certificate Status Protocol.
Applications use two types of verification methods to check the validity of a digital certificate:
Certification Revocation Lists (CRLs) — A CRL is a list of revoked certificates. Applications that use CRLs to verify certificates automatically download the entire CRL file and check the status of the certificate with the list. If it is revoked and listed in a CRL, the application should not trust it.
Online Certificate Status Protocol (OCSP) — An OCSP service is query-based. Applications that use OCSP check the status of a certificate without the need to download a CRL. OCSP provides a "good" or "revoked" response.
This chart is a guideline for how common applications and operating systems verify certificates. However, some applications or operating systems might be configured to perform differently.
Software vendors determine the validation method. The Certification Authority has no control over how a certificate is validated.
|Windows® 2000||Windows XP / Windows Server 2003||Windows Vista||Windows 7 / Windows Server 2008||Mac® OS X|
|Internet Explorer®||CRL||CRL||OCSP first; will use CRL if OCSP is not available||OCSP first; will use CRL if OCSP is not available||N/A|
|Safari®||N/A||CRL||OCSP first; will use CRL if OCSP is not available||OCSP first; will use CRL if OCSP is not available||OCSP first; will use CRL if OCSP is not available|
|Chrome||N/A||CRL||OCSP first; will use CRL if OCSP is not available||OCSP first; will use CRL if OCSP is not available||OCSP first; will use CRL if OCSP is not available|
|Opera®||OCSP and CRL||OCSP and CRL||OCSP and CRL||OCSP and CRL||OCSP and CRL|
|Verifying Code Signing Certificates||CRL||CRL||OCSP first; will use CRL if OCSP is not available||OCSP first; will use CRL if OCSP is not available||OCSP first; will use CRL if OCSP is not available|
CRLs and OCSP use HTTP to retrieve information from the following servers. If you are a network administrator for your organization, make sure all computers in your network that might encounter a digital certificate issued by us can access these CRL and OCSP services.
|Service||DNS Hostname(s)||Destination IPs||Port|
This table is subject to change over time as we expand our services.
What Is the encryption strength of your SSL certificates?
What is an intermediate certificate?
How do I install an intermediate certificate?
HTTP vs. HTTPS
Setting up a SSL for Intel vPro
What is the difference between a Deluxe and a Standard SSL Web Server Certificate?
Your message was successfully sent.
There was an error in sending your message, please try again.
Have a question about the content of this article?