OCSP Tab (Reflection Certificate Manager)

Getting there

Configure one or more OCSP A protocol (using the HTTP transport) that can be used as an alternative to CRL checking to confirm whether a certificate is valid. An OCSP responder responds to certificate status requests with one of three digitally signed responses: "good", "revoked", and "unknown". Using OCSP removes the need for servers and/or clients to retrieve and sort through large CRLs. responders for certificate revocation checking. Click Add to add a server to the list. By default, every server you add is queried for certificate validity, starting with the first server on the list. Clear the check box next to a server to disable certificate checking for that server without removing the server from the list.


Add an OCSP server to the list. Specify the server using the following URL format:


For example:



Edit the server URL.


Remove the selected server from the list.