基于OCSP的证书状态查询机制研究与实现

证书状态查询是PKI中的一个十分重要的问题,OCSP是解决这个问题的一种重要机制。分析了OCSP协议,结合Hash快速查找、缓存设计、线程池和Linux内存管理的方法,在保证兼容性、安全性和正确进行数字签名的前提下,提出一种OCSP服务器的实现方法。最后,通过分析证明该系统缩短了平均签名时间,提高了性能。

The Research and Implementation of Certificate Status Inquiry Based on OCSP

Certificate status query is very important component in PKI,and OCSP is an important mechanism to solve this problem.This paper analyzes the technical details of OCSP protocol,and a highly efficient implementation of OCSP server is brought forward,which applies Hashtable search,cache,thread-pool technology and Linux memory management technology.In addition to signing response messages correctly,ensuring security,and keeping compatibility.At the end of the paper,it is proved that server efficiency is improvency is improved greatly.