# API Documentation OCSP service provides real time verification of the status of NVIDIA device identity certificates. OCSP Endpoint: [https://ocsp.ndis.nvidia.com](https://ocsp.ndis.nvidia.com) OCSP query can be performed using openssl as below: ``` openssl ocsp -noverify -no_nonce -respout ocspresponse.resp -reqout ocsprequest.req -issuer nvidiacertchain.pem -cert nvidiacert.pem -url "https://ocsp.ndis.nvidia.com" -text ``` OCSP Certificate Status API request and response require the below details: An OCSP request contains the following data: - protocol version - service request - target certificate identifier - optional extensions, which MAY be processed by the OCSP responder - nonce An OCSP response contains the following data: - version of the response syntax - identifier of the responder - time when the response was generated - responses for each of the certificates in a request - optional extensions - signature algorithm OID - signature computed across a hash of the response The response for each of the certificates in a request consists of: - target certificate identifier - certificate status value - response validity interval - optional extensions This specification defines the following definitive response indicators for use in the certificate status value: - good - revoked - unknown Example output ``` OCSP Request Data: Version: 1 (0x0) Requestor List: Certificate ID: Hash Algorithm: sha1 Issuer Name Hash: 27C00D8DAB68F465BD71258DADD158A30B5C99F0 Issuer Key Hash: 2D3E1FE02672EE00BFA96C52AE5E6314C1A1FE1C Serial Number: 860BEA704EB340D4 OCSP Response Data: OCSP Response Status: successful (0x0) Response Type: Basic OCSP Response Version: 1 (0x0) Responder Id: 9C88E9C064BB5DE772D4D9C494E5F760BE5E1DA0 Produced At: Sep 11 05:56:09 2024 GMT Responses: Certificate ID: Hash Algorithm: sha1 Issuer Name Hash: 27C00D8DAB68F465BD71258DADD158A30B5C99F0 Issuer Key Hash: 2D3E1FE02672EE00BFA96C52AE5E6314C1A1FE1C Serial Number: 860BEA704EB340D4 Cert Status: good This Update: Sep 11 05:56:09 2024 GMT Next Update: Sep 12 05:56:09 2024 GMT Signature Algorithm: ecdsa-with-SHA384 Signature Value: 30:65:02:30:2b:6b:cf:67:cc:50:b1:9e:2e:79:fd:d2:3c:f7: 87:57:33:85:b3:ea:f6:f6:20:e6:f3:63:c9:29:c7:3f:3b:98: cc:47:19:82:f1:41:a7:08:68:ff:37:26:e7:d0:ef:b7:02:31: 00:ff:dd:28:b3:c2:6a:10:4a:1f:92:9d:b7:84:8f:af:71:e2: 12:59:a5:6e:2b:d3:bf:44:cc:56:44:a2:65:42:89:28:95:96: 89:cf:44:46:c9:a7:52:ea:19:84:38:62:19 Certificate: Data: Version: 3 (0x2) Serial Number: c3:eb:f6:54:20:22:fd:ec:45:12:f2:4b:a5:03:a3:dd Signature Algorithm: ecdsa-with-SHA384 Issuer: CN=NVIDIA Reference Value L3 GH100 002, O=NVIDIA Corporation, C=US Validity Not Before: Oct 31 00:00:00 2023 GMT Not After : Oct 31 00:00:00 2026 GMT Subject: CN=NVIDIA OCSP Responder L3 GH100 002, O=NVIDIA Corporation, C=US Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (384 bit) pub: 04:a2:cd:f3:76:5f:a2:51:f4:e2:0e:74:47:81:9a: 71:3f:85:e8:96:ba:02:4a:a5:a4:8e:90:4c:fc:45: 40:75:e1:d3:c9:48:89:bf:c4:d7:8c:b5:1d:9f:39: d2:93:4d:56:12:75:0d:d7:5f:e6:0e:4b:59:21:05: 41:69:e7:ec:7a:8b:4d:eb:eb:df:6f:fd:31:f4:4e: 22:1e:3e:ab:17:67:e0:24:de:c7:9f:17:5e:60:f9: 0a:3b:ad:1f:2e:cb:75 ASN1 OID: secp384r1 NIST CURVE: P-384 X509v3 extensions: X509v3 Basic Constraints: CA:FALSE X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: critical OCSP Signing OCSP No Check: X509v3 Subject Key Identifier: 9C:88:E9:C0:64:BB:5D:E7:72:D4:D9:C4:94:E5:F7:60:BE:5E:1D:A0 X509v3 Authority Key Identifier: 2D:3E:1F:E0:26:72:EE:00:BF:A9:6C:52:AE:5E:63:14:C1:A1:FE:1C Signature Algorithm: ecdsa-with-SHA384 Signature Value: 30:65:02:31:00:ca:ba:4a:4f:17:33:c2:dc:2c:5d:2c:84:c0: a5:55:29:8e:0f:c0:84:a7:2c:6d:ef:00:3a:a0:43:44:a1:dc: ed:74:87:e3:68:80:83:f3:f5:bd:d4:e7:6e:e4:8e:fe:41:02: 30:0c:db:61:a7:c4:85:c7:f3:cc:76:3d:34:79:b1:70:89:1f: a8:c7:e5:d0:36:af:94:34:98:dd:1a:d2:48:e0:52:65:49:37: 05:f6:66:44:5a:95:d8:c8:71:0f:8b:c3:53 -----BEGIN CERTIFICATE----- MIICdzCCAf2gAwIBAgIRAMPr9lQgIv3sRRLyS6UDo90wCgYIKoZIzj0EAwMwWDEs MCoGA1UEAwwjTlZJRElBIFJlZmVyZW5jZSBWYWx1ZSBMMyBHSDEwMCAwMDIxGzAZ BgNVBAoMEk5WSURJQSBDb3Jwb3JhdGlvbjELMAkGA1UEBhMCVVMwIhgPMjAyMzEw MzEwMDAwMDBaGA8yMDI2MTAzMTAwMDAwMFowVzErMCkGA1UEAwwiTlZJRElBIE9D U1AgUmVzcG9uZGVyIEwzIEdIMTAwIDAwMjEbMBkGA1UECgwSTlZJRElBIENvcnBv cmF0aW9uMQswCQYDVQQGEwJVUzB2MBAGByqGSM49AgEGBSuBBAAiA2IABKLN83Zf olH04g50R4GacT+F6Ja6AkqlpI6QTPxFQHXh08lIib/E14y1HZ850pNNVhJ1Dddf 5g5LWSEFQWnn7HqLTevr32/9MfROIh4+qxdn4CTex58XXmD5CjutHy7LdaOBhzCB hDAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIHgDAWBgNVHSUBAf8EDDAKBggrBgEF BQcDCTAPBgkrBgEFBQcwAQUEAgUAMB0GA1UdDgQWBBSciOnAZLtd53LU2cSU5fdg vl4doDAfBgNVHSMEGDAWgBQtPh/gJnLuAL+pbFKuXmMUwaH+HDAKBggqhkjOPQQD AwNoADBlAjEAyrpKTxczwtwsXSyEwKVVKY4PwISnLG3vADqgQ0Sh3O10h+NogIPz 9b3U527kjv5BAjAM22GnxIXH88x2PTR5sXCJH6jH5dA2r5Q0mN0a0kjgUmVJNwX2 ZkRaldjIcQ+Lw1M= -----END CERTIFICATE----- nvidiacert.txt: good This Update: Sep 11 05:56:09 2024 GMT Next Update: Sep 12 05:56:09 2024 GMT ``` ## End-user License Agreement By using the Attestation Suite Services, you affirm that you have read the Agreement and agree to its terms. If you do not have the required authority to enter into the Agreement or if you do not accept all Agreement terms and conditions, do not use the Attestation Suite Services. Please see the [End-user License Agreement](https://docs.attestation.nvidia.com/EULA/eula.html) for more information on data collection.