In my last two posts I examined the reasons why certificate revocation is important to enterprise security and some limitations of using OCSP to check for revoked certificates. Now I’m going to suggest a strategy that you can use to improve the effectiveness of OCSP in your organization.
The problem with all of the revocation methods mentioned so far is that the burden is all on the client. Each user, each web browsing request, must make its own query of the revocation service. But there is a smarter way to do this: OCSP Stapling.
Read the full article published August 7, 2018 here: https://www.venafi.com/blog/strategies-improving-benefits-certificate-revocation by Venafi.