Ask a Question

Advanced Search

Solution ID : SO28927

Last Modified : 05/02/2018

SSL Online Certificate Status Protocol (OCSP) IP Addresses


We have upgraded our SSL Online Certificate Status Protocol (OCSP) infrastructure on January 13, 2014 to provide faster responses and a better experience for our customers. OCSP is one of two common schemes for maintaining the security of a server and other network resources. The other, older method, which OCSP has superseded in some scenarios, is known as Certificate Revocation List (CRL).

Here's how you'll benefit

  • Faster response time – OCSP requests will be served from the closest location to the user with dramatically improved average response times.
  • 100+ additional new sites – more sites handling OCSP requests mean improved availability and reliability all over the globe.

What this means to you

It is strongly recommended that any firewall policies and/or access control devices use URLs and not IP addresses. Thawte can change these IP addresses at any time without notification. If possible white list the following entries on your firewall policies and/or access control devices to ensure seamless access to our OCSP services.


If white listing wildcard entries is not permitted, you can white list the following specific fully qualified domain names (FQDNs).

If your corporate firewall is configured to allow only a certain set of IP addresses to be accessed from your network, you'll need to take the following actions:

  1. Get the full list of IP addresses for the new sites. Complete a short form and then you'll gain access to the site list.
  2. Install or add the IP addresses to your existing list – do not replace the old IP addresses and your existing rules for Thawte OSCP IP addresses should not be deleted.