

OCSP stapling: How to provide a certificate's validity attestation during the connection?

When a browser (a TLS client) establishes an SSL/TLS connection, it checks the validity of the server certificate. This validation is performed by the browser, which queries an OCSP (Online Certificate Status Protocol) server operated by the certification authority.

This mechanism provides an acceptable security level (even if there are issues linked to the protocol implementation), but it has several drawbacks, such as requiring the client to open a connection to the certification authority (not always possible within some organizations' infrastructures).

To avoid this, the OCSP stapling mechanism (described in RFC 4366) allows the TLS server to act as a proxy (intermediary) and to supply the OCSP response itself during the TLS handshake.

Deployment on servers and browsers is uneven, but if you do have a compatible server it can improve your users' experience.

Servers compatible with OCSP-stapling

Browsers compatible with OCSP-stapling

  • Chrome 12+ under Windows
  • Internet Explorer 9+ under Vista and higher
  • Opera v11+

Test your certificate

On your certificate status page you can consult your certificate's status: whether it has been revoked, for example (by whom and on which date). You'll also see a 'check your certificate' button that tells you whether your certificate has been installed correctly.

CO-piBOT, our testing tool, connects to your HTTPS website, establishes an SSL session and analyzes the results.
You can use this tool on other protocols as well (SMTPS, HTTPS, IMAPS, POPS, ...).

CO-piBOT is also freely available on this page.
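If you want to verify stapling yourself, from the command line, the following script is an added example and not CO-piBOT or any other TBS tool. It asks the server for a stapled OCSP response with `openssl s_client -status` and classifies what comes back. It assumes the `openssl` command-line tool is installed; the two sample outputs embedded in it are constructed from the format `openssl s_client` prints, so the parsing can be exercised without network access, and `www.example.com` in the usage line is a placeholder host.

```shell
#!/bin/sh
# Added example: classify a TLS server's OCSP stapling behaviour from the
# output of `openssl s_client -status`. Not part of the original page.

# Classify captured `openssl s_client -status` output.
# Prints one of: stapled-good, stapled-revoked, stapled-other, not-stapled
ocsp_stapling_state() {
    out=$1
    # openssl prints this line when the server did not staple a response
    if printf '%s\n' "$out" | grep -q '^OCSP response: no response sent'; then
        echo not-stapled
    elif printf '%s\n' "$out" | grep -q 'OCSP Response Status: successful'; then
        # A stapled response exists; read the status the CA signed for this cert
        if printf '%s\n' "$out" | grep -q 'Cert Status: good'; then
            echo stapled-good
        elif printf '%s\n' "$out" | grep -q 'Cert Status: revoked'; then
            echo stapled-revoked
        else
            echo stapled-other
        fi
    else
        # No OCSP block at all, or a response the CA reported as unsuccessful
        echo not-stapled
    fi
}

# Connect to a host (needs network access) and classify its stapling state.
# $1: host name, $2: port (defaults to 443)
check_ocsp_stapling() {
    host=$1
    port=${2:-443}
    # -servername sends SNI so a virtual host presents the right certificate;
    # -status asks for the Certificate Status Request (OCSP stapling) extension.
    captured=$(openssl s_client -connect "$host:$port" -servername "$host" \
        -status </dev/null 2>/dev/null)
    ocsp_stapling_state "$captured"
}

# Constructed sample: the OCSP block openssl prints when a good response is stapled.
SAMPLE_STAPLED_GOOD='OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Cert Status: good'

# Constructed sample: what openssl prints when the server staples nothing.
SAMPLE_NOT_STAPLED='OCSP response: no response sent
---
Certificate chain'

# Usage: ./check_stapling.sh www.example.com [port]
if [ "$#" -ge 1 ]; then
    check_ocsp_stapling "$1" "$2"
fi
```

A result of `not-stapled` on a server you believe is configured for stapling usually means the server has not yet fetched a response from the CA's OCSP responder (many servers only do so after the first client request, or fail silently when they cannot reach the responder), so rerun the check a few seconds later before concluding that stapling is off. The script deliberately does not use `-verify_return_error`, so the classification is about the stapling extension only, not about chain validation.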