2 Billion Certificate Revocation Checks in a Day!

October 11, 2013 | By Kevin Judge

Wow!
On September 30th, Comodo’s (OCSP) responders handled over 2 billion requests in one day! Web users all over the globe can sleep better at night knowing Comodo has their back.

OCSP is a protocol enabled in modern browsers that makes real time checks as to whether or not an SSL Certificate has been revoked. A certificate may be revoked for a variety of reasons, including inattentiveness by the site operators and procurement by fraudsters. Certificates are sometimes revoked because their private key has been compromised by hackers who can use it to commit “man-in the middle” attacks. Such attacks intercept the messages between a browser and the web server and are often used for financial fraud.

Whenever somebody connects to the secure area of a website over https, the protocol sends a request for the revocation status of a website’s SSL certificate. The request is received by dedicated servers run by the issuing CA known as OCSP responders, which reply with a digitally-signed response containing the revocation status of the website’s certificate. If the response is ‘good’, then the certificate is ok and the https connection can proceed. If the response is ‘revoked’, then the browser can inform the user that the connection cannot be trusted.

This milestone is proof that Comodo’s ongoing investment in revocation checking infrastructure allows us to meet the exponential growth of SSL secured Internet traffic.

“For many years, this long established mechanism of communicating certificate revocation status has been successfully used by all major CAs to protect end-users. It is also interesting to note that we observed this growth in checks during a time when some major browser vendors have actually switched off revocation checking in their browser software.” said Melih Abdulhayoglu, President and CEO, Comodo, “Comodo is committed to maintaining a robust OCSP infrastructure and is also heavily involved with other major CAs in initiatives which actively improve the effectiveness of the protocol, such as the NGINX OCSP stapling project.”

2 billion requests per day means Comodo’s servers and infrastructure is being put to the test, but we are clearly passing.

Be Sociable, Share!

    Comments

    Rolex Guy February 20, 2014 at 2:56 am

    Thanks for your nice articles. I like it very much.

    Reply

    Add new comment

    Your name
    Comment

    You may use these HTML tags and attributes: <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>