ocspd(1) BSD General Commands Manual ocspd(1)NAMEocspd — OCSP and CRL Daemon
SYNOPSISocspdDESCRIPTIONocspd performs caching and network fetching of Certificate Revocation
Lists (CRLs) and Online Certificate Status Protocol (OCSP) responses. It
is used by Security.framework during certificate verification. Secu‐
rity.framework communicates with ocspd via a private RPC interface. When
Security.framework determines that a CRL is needed, or that it needs to
perform an OCSP transaction, it performs an RPC to ocspd which then exam‐
ines its cache to see if the appropriate CRL or OCSP response exists and
is still valid. If so, that entity is returned to Security.framework. If
no entry is found in cache, ocspd obtains it from the network, saving the
result in cache before returning it to Security.framework.
This command is not intended to be invoked directly.
FILES
/private/var/db/crls/crlcache.db CRL cache
/private/var/db/crls/ocspcache.db OCSP response cache
HISTORYocspd was first introduced in Mac OS X version 10.4 (Tiger).
AUTHORS
Doug Mitchell
Darwin June 8, 2024 Darwin