Home Guides Glossary

Verifying a Certificate's Validity on Your Computer

When an application receives digitally signed or secured content from the Internet, such as HTTPS-secured websites or signed software, it must verify that the certificate used to secure the content, such as an SSL or code signing certificate, is valid.

Applications, such as Web browsers and operating systems, validate certificates using Certification Revocation Lists or the Online Certificate Status Protocol.

Verification Methods

Applications use two types of verification methods to check the validity of a digital certificate:

Certification Revocation Lists (CRLs) — A CRL is a list of revoked certificates. Applications that use CRLs to verify certificates automatically download the entire CRL file and check the status of the certificate with the list. If it is revoked and listed in a CRL, the application should not trust it.

Online Certificate Status Protocol (OCSP) — An OCSP service is query-based. Applications that use OCSP check the status of a certificate without the need to download a CRL. OCSP provides a "good" or "revoked" response.

This chart is a guideline for how common applications and operating systems verify certificates. However, some applications or operating systems might be configured to perform differently.

Software vendors determine the validation method. The Certification Authority has no control over how a certificate is validated.

Windows® 2000 Windows XP / Windows Server 2003 Windows Vista Windows 7 / Windows Server 2008 Mac® OS X
Internet Explorer® CRL CRL OCSP first; will use CRL if OCSP is not available OCSP first; will use CRL if OCSP is not available N/A
Firefox® OCSP OCSP OCSP OCSP OCSP
Safari® N/A CRL OCSP first; will use CRL if OCSP is not available OCSP first; will use CRL if OCSP is not available OCSP first; will use CRL if OCSP is not available
Chrome N/A CRL OCSP first; will use CRL if OCSP is not available OCSP first; will use CRL if OCSP is not available OCSP first; will use CRL if OCSP is not available
Opera® OCSP and CRL OCSP and CRL OCSP and CRL OCSP and CRL OCSP and CRL
Verifying Code Signing Certificates CRL CRL OCSP first; will use CRL if OCSP is not available OCSP first; will use CRL if OCSP is not available OCSP first; will use CRL if OCSP is not available

Access to CRL and OCSP Services

CRLs and OCSP use HTTP to retrieve information from the following servers. If you are a network administrator for your organization, make sure all computers in your network that might encounter a digital certificate issued by us can access these CRL and OCSP services.

Service DNS Hostnames Destination IPs Port
CRL crl.starfieldtech.com
certificates.starfieldtech.com
72.167.18.238
72.167.239.238
188.121.36.238
182.50.136.238
50.63.243.229
tcp/80
OCSP
ocsp.starfieldtech.com
72.167.18.239
72.167.239.239
188.121.36.239
182.50.136.239
50.63.243.230
tcp/80

This table is subject to change over time as we expand our services.

Domain Registration

Pay less for website domain names. Register your own .com, .net or .org for as low as $10.18 per year. We have everything you need to get online with your new domain.

Website Builder

For as little as $3.89 per month you can build your Website online with Website Builder using our easy to use professional templates. Play Video - Demo

Quick Shopping Cart

Build and run your own successful online store in minutes. You're just five easy steps away! Shopping Cart works with Google® and eBay® Play Video

Website Hosting

Everything needed to give your website the high-performance home it deserves.  Protect transactions and secure your customer's data with a SSL Certificate

Copyright © 2005 - 2017. All rights reserved. Privacy Policy