OCSP Responder

Software to improve the speed and security of OCSP validation.


Responses are served at the front-end by an Nginx module. A single instance can serve over one billion responses per day.


Entirely written in C with no Java or back-end database required. Very low memory footprint.


OCSP responses are produced in batch at pre-determined intervals. Once produced, responses are uploaded to the Nginx-based front-end repeater.
OCSP requests are never routed to the backend OCSP signer/HSM.


Capable of handling all types of request.
Requests using GET or POST.
Requests with a nonce.
Supports responses for unknown (not issued) certificates.
Latest RFC support.
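
The pre-produced model described above, sketched as an added example (not the product's code): a front end extracts the CertID from a GET request and returns a stored, already-signed response, so no signing key is needed at request time. The store layout, the function names, and the choices to ignore the nonce and to answer a cache miss with the unsigned `unauthorized` error from RFC 5019 are assumptions of this example; the page does not say how the product handles either.

```python
import base64
from urllib.parse import unquote

MALFORMED = bytes.fromhex("30030a0101")      # unsigned OCSPResponse: malformedRequest(1)
UNAUTHORIZED = bytes.fromhex("30030a0106")   # unsigned OCSPResponse: unauthorized(6)
# Constructed sample: SHA-1 CertID, nameHash 0x11*20, keyHash 0x22*20, serial 5.
SAMPLE_REQUEST = bytes.fromhex("30423040303e303c303a300906052b0e03021a05000414" + "11" * 20 + "0414" + "22" * 20 + "020105")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                         # long-form length
        n = length & 0x7F
        if not 1 <= n <= 2:                   # OCSP requests are small; refuse larger
            raise ValueError("bad length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated")
    return tag, buf[pos:pos + length], pos + length

def children(body):
    pos, out = 0, []
    while pos < len(body):                    # walk sibling elements of a SEQUENCE body
        tag, val, pos = read_tlv(body, pos)
        out.append((tag, val))
    return out

def cert_id(der):
    """Extract (issuerKeyHash, serial) from a single-certificate OCSPRequest."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not an OCSPRequest")
    tbs = children(children(body)[0][1])
    # requestList is the only universal SEQUENCE; [0] version, [1] name, [2] extensions (nonce) are skipped
    req_list = [v for t, v in tbs if t == 0x30]
    requests = children(req_list[0])
    if len(requests) != 1:
        raise ValueError("expected exactly one request")
    _alg, _name_hash, key_hash, serial = children(children(requests[0][1])[0][1])
    if key_hash[0] != 0x04 or serial[0] != 0x02:
        raise ValueError("bad CertID")
    return key_hash[1], int.from_bytes(serial[1], "big")

def serve_get(path, store):
    """Answer a GET from the pre-produced store (hypothetical dict keyed by cert_id())."""
    try:
        key = cert_id(base64.b64decode(unquote(path.lstrip("/")), validate=True))
    except (ValueError, IndexError):          # bad base64, bad DER, wrong shape
        return MALFORMED
    return store.get(key, UNAUTHORIZED)
```

Because the stored response is signed before any request arrives, a request that carries a nonce receives the same bytes as one without it in this sketch.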