Changes to OCSP Publication for Google Trust Services Certificates
Google Trust Services is planning to drop support for Online Certificate Status Protocol (OCSP)
information for most certificate chains.
What is OCSP?
OCSP is an internet protocol used for determining the status of an X.509 digital certificate. It
allows applications to check in real time if a certificate is revoked. Other mechanisms exist to
check certificate revocation in a more efficient manner for browsers and modern TLS clients.
Changes to OCSP Availability
In the second half of 2025, Google Trust Services will discontinue embedding OCSP information for
the majority of our certificate chains. This change is being implemented to improve efficiency and
align with industry best practices. For more information on the evolution and decline of OCSP, see
this Feisty Duck article.
Why is GTS Making This Change?
This decision is based on several factors:
* Industry Alignment: Many leading certificate authorities are moving away from OCSP.
* Improved Efficiency: OCSP response generation consumes a lot of a CA's signing capacity and can
slow the re-issuance cycle in the case of mass revocations/mass renewals.
What This Means for You
For most users, this change will be seamless and will not require any action. Modern browsers and
applications utilize multiple certificate validation methods, so the transition will not cause
noticeable changes for typical use.
Impact and Action
In the vast majority of cases, there will be no impact on the functionality of certificates issued
by Google Trust Services. If your systems rely on OCSP for certificate validation and do not have
fallback options, you may need to review and update your configurations to support alternative
methods like short-lived certificates or CRL verification.
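
To find certificates that would leave an OCSP-dependent client without a revocation source, the check below classifies a certificate by the revocation pointers it carries. It is an added example in Go, not Google Trust Services code; revocationPath, sampleCert, the example.test URLs and the 10-day short-lived threshold are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// revocationPath names the revocation source for c; maxShortLived is the caller's policy (an assumption).
func revocationPath(c *x509.Certificate, maxShortLived time.Duration) string {
	ocsp, crl := len(c.OCSPServer) > 0, len(c.CRLDistributionPoints) > 0
	switch {
	case ocsp && crl:
		return "ocsp+crl"
	case ocsp:
		return "ocsp-only" // no CRL pointer to fall back on
	case crl:
		return "crl-only" // an OCSP-only client has nothing to query
	case c.NotAfter.Sub(c.NotBefore) <= maxShortLived:
		return "short-lived" // no pointers; expiry bounds the exposure
	}
	return "none"
}

// sampleCert builds a constructed, self-signed test certificate.
func sampleCert(ocsp, crl []string, life time.Duration) (*x509.Certificate, error) {
	key := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // throwaway all-zero test key
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "leaf.example.test"},
		NotBefore: now, NotAfter: now.Add(life), OCSPServer: ocsp, CRLDistributionPoints: crl,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	c, err := sampleCert(nil, []string{"http://crl.example.test/ca.crl"}, 90*24*time.Hour)
	if err != nil {
		panic(err)
	}
	fmt.Println(revocationPath(c, 10*24*time.Hour), "OCSP URLs:", c.OCSPServer)
}
```

Certificates that come back as crl-only or short-lived are the ones a client configured to require an OCSP responder URL can no longer check.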