GlobalSign News & Events

19 June 2012

GlobalSign, DigiCert, Comodo, and NGINX, Inc. improve Online Trust through Enhanced Certificate Revocation Checking, sign a Sponsorship Agreement

New version of the popular NGINX web server to support OCSP-stapling

Boston, MA - June 19 2012 - Today GlobalSign, DigiCert, Comodo, and NGINX announced a joint effort and a sponsored development contract, to enhance the NGINX open source web server to support OCSP-stapling. This collaboration further advances the SSL ecosystem by improving the privacy, reliability and revocation checking for all websites using the NGINX web server — currently run by more than 25 percent of the top 1,000 websites, and by 70,000,000 websites on the Internet overall.

"The team at NGINX is delighted that GlobalSign, DigiCert, and Comodo support the OCSP stapling enhancement to the NGINX webserver," said Igor Sysoev CTO and principal architect at NGINX, "We have been continuously working on enhancements to NGINX that increase performance, reliability and security. With improved SSL functionality we expect the vast majority of our customers to share our enthusiasm for increased safety on the Internet."

The Online Certificate Status Protocol (OCSP) is used to present the revocation status, or current validity, of an SSL certificate, and provides an alternative to the Certificate Revocation List (CRL) method. OCSP offers efficiencies when compared to the CRL method, which requires the client, such as a browser, to download potentially large databases of revocation information reflecting the status as of its last publication date In contrast, OCSP can provide more up-to-date status information by allowing the browser to query the revocation status at the very point of encountering the certificate, without relying on cached information.

OCSP-stapling enhances the basic OCSP method by allowing the presenter of a certificate, such as the website hosting the SSL certificate, to deliver the OCSP response to the browser instead of it being delivered by the issuing CA. By keeping the certificate response within the web host and not with the CA, OCSP-stapling ensures the browser receives the same response performance for the certificate status information as it does for the website content. This helps to maintain a high-quality user experience and avoids delays otherwise caused by request volume or network congestion that can slow CA response under the standard OCSP method. Compared with basic OCSP, privacy concerns are also addressed, as the CA is no longer receiving revocation requests directly from the browser.

In a collective statement by GlobalSign, DigiCert, and Comodo, Ryan Hurst the Chief Technology Officer of GlobalSign stated "By addressing the issues holding back common usage of OCSP, NGINX is contributing toward a unified goal of widespread OCSP adoption across all webservers on the Internet. This project is another major initiative where certification authorities are working closely to improve the ecosystem for everyone relying on SSL for a safer, private and more secure Internet experience."

NGINX is the second most popular open source webserver and, according to the W3Techs server survey, is currently used by more than 25 percent of the top 1,000 most visited websites. The new version with full OCSP-stapling support will be available in late August 2012. IIS on Microsoft Server 2008 and Apache 2.3.6 already support OCSP-stapling; thus, the enhancements to NGINX mean that nearly all webservers can now deploy this critical technology.

For current release information on the new version of NGINX, please visit www.nginx.com.

About GMO GlobalSign

GlobalSign, founded in 1996, is a provider of identity services for the Internet of Everything (IoE), mediating trust to enable safe commerce, communications, content delivery and community interactions for billions of online transactions occurring around the world at every moment.  Its identity and access management portfolio, acquired from Ubisecure in September 2014, includes access control, single sign-on (SSO), federation and delegation services to help organizations and service providers create new business models for customer and partner interactions.  The former Ubisecure operation is now the GlobalSign Center of Excellence for IAM, located in Helsinki, Finland. GlobalSign’s solutions are designed to address the massive scalability demanded by the emerging $14.4 trillion IoE market, where the ability to make secure networked connections among people, processes, data and things, will require that every “thing” have a trusted identity that can be managed.  The company has offices in the U.S., Europe and throughout Asia.  For the latest news on GlobalSign, visit www.globalsign.com or follow GlobalSign on Twitter (@globalsign ).

About GMO Cloud KK

GMO Cloud K.K. (TSE: 3788) is a full-service IT infrastructure provider focused on cloud solutions. Established as a hosting company in 1996, the company has managed servers for more than 130,000 businesses and now has 6,500 sales partners throughout Japan. In February of 2011, the company launched GMO Cloud to enhance its focus on cloud-based solutions. Since 2007, the company has also grown its GlobalSign SSL security brand through offices in Belgium, U.K., U.S., China and Singapore. For more information please visit http://ir.gmocloud.com/english/ .

GMO Internet Group

GMO Internet Group is an Internet services industry leader, developing and operating Japan’s most widely used domain, hosting & cloud, ecommerce, security, and payment solutions. The Group also comprises the world’s largest online FX trading platform, as well as online advertising, Internet media, and mobile entertainment products. GMO Internet, Inc. (TSE: 9449) is headquartered in Tokyo, Japan. For more information please visit http://www.gmo.jp/en/.

Share this article

Back to GlobalSign Newsroom

Media Relations

For further information on GlobalSign press releases,
events or for media enquires please contact:

Janine Marchi
Communications Manager
Call: 603-570-7060
Email: press@globalsign.com