JITC

JOINT INTEROPERABILITY TEST COMMAND

Seal of DoD Seal of DISA Seal of JITC
JITC PUBLIC KEY INFRASTRUCTURE (PKI)
ONLINE CERTIFICATE STATUS PROTOCOL (OCSP) RESPONDER TESTING INFORMTION
Updated: 2/10/2021 2:46:31 PM
OVERVIEW

Currently the Department of Defense (DoD) Public Key Infrastructure (PKI) uses Certificate Revocation Lists (CRLs) to check the status of issued certificates. An alternative to CRL checking is to use Online Certificate Status Protocol or OCSP.

OCSP is a request-response protocol used for obtaining online certificate revocation information from a trusted entity, referred to as an OCSP Responder. OCSP Responders provide immediate revocation information on specific certificates rather than a list of certificate revocation information in the form of a CRL.

The Joint Interoperability Test Command (JITC) conducts OCSP Responder testing by using DOD Class 3 PKI test certificates and CRLs issued from the JITC PKI test Certificate Authority. CRLs are retrieved via Lightweight Directory Access Protocol (LDAP) from the JITC test Directory server and via HyperText Transfer Protocol (HTTP) from the JITC test web server.

JITC conducts testing of OCSP Responders at its PKE laboratory at Fort Huachuca, Arizona.

Download the JITC OCSP Responder Assessment Worksheet.

Testing of OCSP Responders is based on JITC's test plan DoD OCSP Responder Interoperability Master Test Plan, version 1.0, dated July 2003.

For contact information please see the POCs web page.

Certification Letters are available on the JITC Joint Interoperability Tool web page. A JIT account must be requested to obtain access to the certification letters.

JITC OCSP RESPONDER ONLINE

JITC has made available the Robust Certificate Validation System (RCVS) to support the vendor, developer, and testing communities. RCVS accepts certificate status requests at https://ocsp.nsn0.rcvs.nit.disa.mil. The JITC RCVS test environment uses the Delegated Trust Model (DTM). Unlike the direct trust model used previously, a client does not require an OCSP responder certificate. The responder certificate for any given OCSP request is an OCSP signing certificate issued by the CA that issued the certificate that is being validated. These CA-issued OCSP certificates have a short lifespan and are reissued regularly. The signature should verify via the trust chain.

OCSP RESPONDERS CERTIFICATION STATUS

The following table contains information on OCSP Responders that JITC is currently working with and OCSP Responders that are certified as interoperable with the DOD PKI.

Vendor Product Status
Alacris OCSP Server Professional, version 3.0.0 Certified
Details
Ascertia TrustFinder OCSP Server, version 5.0 Certified
Details
Ascertia TrustFinder OCSP Server, version 4.0 Certified
Details
CoreStreet Real Time Credentials (RTC) Validation Authority, version 4.0 Certified
Details
CoreStreet Real Time Credentials (RTC) Validation Authority, version 2.6.3 Certified
Details
CoreStreet Responder, version 5.1.5 Certified
Details
CoreStreet Responder Appliance 2400D, version 3.0.1 Certified
Details
CoreStreet Responder Appliance 1400 Certified
Details
CoreStreet Validation Authority (VA), version 5.1.5 Certified
Details
Kyberpass Validation Server, version 5.6.1 Certified
Details
Microsoft Corproation Microsoft OCSP Responder; Built into Windows Server 2008 and 2012 Certified
Details
Tumbleweed/Axway Valicert Validation Authority, version 4.9 Certified
Details
Tumbleweed Valicert Validation Authority, version 4.8 Certified
Details
Tumbleweed Valicert Validation Authority, version 4.7.3 Certified
Details
Tumbleweed Valicert Validation Authority, version 4.7.2 Certified
Details
Tumbleweed Valicert Validation Authority, version 4.7.1 Certified
Details
Tumbleweed Valicert Validation Authority, version 4.6.1 Certified
Details
CoreStreet Tactical Validation Authority (TVA), version 5.1.5 hotfix 20080421-1 Test Complete
Details
Computer Associates eTrust OCSPro, version 2.0.1 Not Tested
Details
CoreStreet Tactical Validation Authority (TVA), version 5.1.5 hotfix 20071119-1 Not Tested
Details

DISCLAIMER OF ENDORSEMENT

Reference in this website to any specific commercial products, process, service, manufacturer or company does not constitute its endorsement or recommendation by the United States Government.

Certification letters are available on the Joint Interoperability Tool web page. A JIT account must be requested to obtain access to the certification letters.

Top of Page

SUPPORT
General Support Request Form
Contact the Webmaster
FAQs
Viewing Problems
Common Errors
Finding Information
TOOLS
JANETT
JDMT
JIT
STP
CONTACT US
Fort Huachuca
Public Affairs
Visitor Support
DISA / JITC 2023