OCSP (Online Certificate Status Protocol, RFC 2560) is a protocol that lets clients request the status of X.509 certificates. The OCSP server first authenticates the client and then determines the certificate status, for which it can use CRLs (Certificate Revocation Lists) or other mechanisms. The server then generates a response, authenticates itself to the client and assigns a status to the certificate in question (good = not revoked, revoked, or unknown). The client can verify the server's identity and then act according to the certificate's status.
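The three status values and the client's final decision, as an added example that is not part of the original page: the Python code below reads the `certStatus` field from a DER-encoded RFC 2560 `SingleResponse` and accepts the certificate only when the status is good and the responder's identity has been verified. The function names, the placeholder certID and the sample bytes are constructed for this example, and the signature check on the response is assumed to happen elsewhere and arrive as a boolean.

```python
# Added example: certStatus extraction from an OCSP SingleResponse (RFC 2560).
# All sample bytes below are constructed for illustration, not captured traffic.

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

# CertStatus ::= CHOICE { good [0] IMPLICIT NULL,
#                         revoked [1] IMPLICIT RevokedInfo,
#                         unknown [2] IMPLICIT UnknownInfo }
STATUS_TAGS = {0x80: "good", 0xA1: "revoked", 0x82: "unknown"}

def cert_status(single_response):
    """SingleResponse ::= SEQUENCE { certID, certStatus, thisUpdate, ... }"""
    tag, body, _ = read_tlv(single_response, 0)
    if tag != 0x30:
        raise ValueError("SingleResponse must be a SEQUENCE")
    _, _, pos = read_tlv(body, 0)           # skip certID
    tag, _, _ = read_tlv(body, pos)         # certStatus CHOICE, identified by its tag
    if tag not in STATUS_TAGS:
        raise ValueError("unexpected certStatus tag 0x%02x" % tag)
    return STATUS_TAGS[tag]

def accept_certificate(single_response, responder_verified):
    """Fail closed: only 'good' from a verified responder is accepted."""
    return bool(responder_verified) and cert_status(single_response) == "good"

def der(tag, value=b""):
    """Encode one short-form DER element (enough for the samples below)."""
    assert len(value) < 0x80
    return bytes([tag, len(value)]) + value

# Constructed samples: simplified placeholder certID, status, thisUpdate.
CERT_ID = der(0x30, der(0x04, b"placeholder-cert-id"))
THIS_UPDATE = der(0x18, b"20240101000000Z")               # GeneralizedTime
GOOD = der(0x30, CERT_ID + der(0x80) + THIS_UPDATE)
REVOKED = der(0x30, CERT_ID + der(0xA1, THIS_UPDATE) + THIS_UPDATE)
UNKNOWN = der(0x30, CERT_ID + der(0x82) + THIS_UPDATE)
```

Treating `unknown` and an unverified responder the same as `revoked` keeps the client from accepting a certificate whose status it could not actually establish.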