Today GlobalSign, DigiCert, Comodo, and NGINX announced a joint effort and a sponsored development contract, to enhance the NGINX open source Web server to support OCSP-stapling. This collaboration further advances the SSL ecosystem by improving the privacy, reliability and revocation checking for all websites using the NGINX web server — currently run by more than 25 percent of the top 1,000 websites, and by 70,000, 000 websites on the Internet overall.
"The team at NGINX is delighted that GlobalSign, DigiCert, and Comodo support the OCSP stapling enhancement to the NGINX webserver," said Igor Sysoev CTO and principal architect at NGINX,"We have been continuously working on enhancements to NGINX that increase performance, reliability and security. With improved SSL functionality we expect the vast majority of our customers to share our enthusiasm for increased safety on the Internet."
The Online Certificate Status Protocol (OCSP) is used to present the revocation status, or current validity, of an SSL certificate, and provides an alternative to the Certificate Revocation List (CRL) method. OCSP offers efficiencies when compared to the CRL method, which requires the client, such as a browser, to download potentially large databases of revocation information reflecting the status as of its last publication date In contrast, OCSP can provide more up-to-date status information by allowing the browser to query the revocation status at the very point of encountering the certificate, without relying on cached information.
OCSP-stapling enhances the basic OCSP method by allowing the presenter of a certificate, such as the website hosting the SSL certificate, to deliver the OCSP response to the browser instead of it being delivered by the issuing CA. By keeping the certificate response within the web host and not with the CA, OCSP-stapling ensures the browser receives the same response performance for the certificate status information as it does for the website content. This helps to maintain a high-quality user experience and avoids delays otherwise caused by request volume or network congestion that can slow CA response under the standard OCSP method. Compared with basic OCSP, privacy concerns are also addressed, as the CA is no longer receiving revocation requests directly from the browser.
In a collective statement by GlobalSign, DigiCert and Comodo, Ryan Hurst the Chief Technology Officer of GlobalSign stated "By addressing the issues holding back common usage of OCSP, NGINX is contributing toward a unified goal of widespread OCSP adoption across all webservers on the Internet. This project is another major initiative where certification authorities are working closely to improve the ecosystem for everyone relying on SSL for a safer, private and more secure Internet experience."
NGINX is the second most popular open source webserver and, according to the W3Techs server survey, is currently used by more than 25 percent of the top 1,000 most visited websites. The new version with full OCSP-stapling support will be available in late August 2012. IIS on Microsoft Server 2008 and Apache 2.3.6 already support OCSP-stapling; thus, the enhancements to NGINX mean that nearly all webservers can now deploy this critical technology.
Run by the busiest websites on the Internet, NGINX (Nginx.com) enables businesses worldwide to match rapidly increasing demand for faster web experience without incurring unnecessary costs in capital investments or time. In almost 10 years of its history, NGINX became key software component of most famous web architectures. Today NGINX serves over 25 percent of the top 1,000 websites, and 70 million of websites overall. Successful online services, transforming and shaping the future of Internet—such as Netflix, Pinterest, CloudFlare, Airbnb, WordPress, GitHub, SoundCloud, Zynga, Eventbrite, Zappos, Media Temple, Heroku, RightScale, Engine Yard, use NGINX as part of their infrastructures.
In July 2011, NGINX founded its commercial arm, Nginx, Inc, to facilitate the development of NGINX.
The Comodo companies (Comodo.com) provide the infrastructure that is essential in enabling enterprises, e-merchants and individual consumers to securely interact and conduct business via the Internet. Continual innovation, a core competence in PKI, and a commitment to reversing the growth of Internet-crime distinguish the Comodo companies as vital players in the Internet's ongoing development. Comodo secures and authenticates online transactions and communications for over 200,000 business customers and have over 35 million installations of their range of desktop security products.
About DigiCert, Inc.
DigiCert (Digicert.com) is a premier online trust provider of enterprise security solutions with an emphasis on authentication, PKI and high-assurance digital certificates. Headquartered in Lindon, Utah, DigiCert is trusted by a continually growing clientele of more than 50,000 of the world's leading government, finance, education and Fortune 500® organizations. DigiCert has been recognized for its excellence in customer support and the workplace, and was applauded for its value-added product features with the 2011 Frost & Sullivan Customer Value Enhancement Award for SSL Certificates. For the latest news and updates on DigiCert, visit the website, like DigiCert on Facebook® or follow Twitter® handle @digicert.