Making an OCSP query with PHP + OpenSSL

This article introduces the possibility of making an OCSP query in order to check the validity of the certificate at the application level. Performing a certificate validity check is necessary for, e.g. logging into an e-service with the ID-card.

In the sample application, making the OCSP query is realised in PHP, but it could similarly be made in any other random application by rewriting the PHP snippet in the necessary language. The PHP snippet is suitable for use in web applications and presumes that the server has been configured to request the client certificate and the environment variables have been correctly configured (more detailed information in the sample file).

The provided sample is not very expedient for direct use as the OCSP query is performed every time the page is viewed, thereby making the number of queries rather big and possibly resulting in an increase in the price of the service. It is reasonable to additionally realise session management where the OCSP query is performed only upon the expiry of the SSL session or simply after a certain period of time. The detailed realisation thereof depends on the preferences and structure of each website.

The executable file in the sample application is merely pre-compiled OpenSSL that only contains the OCSP part. Therefore, for creating your own applications, the "official" version of OpenSSL (starting from version 0.9.7) may also be used – the command line commands and usage scenario are exactly the same as in the sample.


If you didn't find an answer to your question, send it to our team.

  • See instructions
  • Please estimate your ability to use the computer, so that we can provide you with the best guidance


  • Verification failed

How can we improve the article and be more helpful?
Send Close