API Documentation

OCSP service provides real time verification of the status of NVIDIA device identity certificates.

OCSP Endpoint: https://ocsp.ndis.nvidia.com

OCSP query can be performed using openssl as below:

openssl ocsp -noverify -no_nonce -respout ocspresponse.resp -reqout ocsprequest.req -issuer nvidiacertchain.pem -cert nvidiacert.pem -url "https://ocsp.ndis.nvidia.com" -text

OCSP Certificate Status API request and response require the below details:

An OCSP request contains the following data:

  • protocol version

  • service request

  • target certificate identifier

  • optional extensions, which MAY be processed by the OCSP responder

    • nonce

An OCSP response contains the following data:

  • version of the response syntax

  • identifier of the responder

  • time when the response was generated

  • responses for each of the certificates in a request

  • optional extensions

  • signature algorithm OID

  • signature computed across a hash of the response

The response for each of the certificates in a request consists of:

  • target certificate identifier

  • certificate status value

  • response validity interval

  • optional extensions

This specification defines the following definitive response indicators for use in the certificate status value:

  • good

  • revoked

  • unknown

Example output

OCSP Request Data:
    Version: 1 (0x0)
    Requestor List:
        Certificate ID:
          Hash Algorithm: sha1
          Issuer Name Hash: 27C00D8DAB68F465BD71258DADD158A30B5C99F0
          Issuer Key Hash: 2D3E1FE02672EE00BFA96C52AE5E6314C1A1FE1C
          Serial Number: 860BEA704EB340D4
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Version: 1 (0x0)
    Responder Id: 9C88E9C064BB5DE772D4D9C494E5F760BE5E1DA0
    Produced At: Sep 11 05:56:09 2024 GMT
    Responses:
    Certificate ID:
      Hash Algorithm: sha1
      Issuer Name Hash: 27C00D8DAB68F465BD71258DADD158A30B5C99F0
      Issuer Key Hash: 2D3E1FE02672EE00BFA96C52AE5E6314C1A1FE1C
      Serial Number: 860BEA704EB340D4
    Cert Status: good
    This Update: Sep 11 05:56:09 2024 GMT
    Next Update: Sep 12 05:56:09 2024 GMT

    Signature Algorithm: ecdsa-with-SHA384
    Signature Value:
        30:65:02:30:2b:6b:cf:67:cc:50:b1:9e:2e:79:fd:d2:3c:f7:
        87:57:33:85:b3:ea:f6:f6:20:e6:f3:63:c9:29:c7:3f:3b:98:
        cc:47:19:82:f1:41:a7:08:68:ff:37:26:e7:d0:ef:b7:02:31:
        00:ff:dd:28:b3:c2:6a:10:4a:1f:92:9d:b7:84:8f:af:71:e2:
        12:59:a5:6e:2b:d3:bf:44:cc:56:44:a2:65:42:89:28:95:96:
        89:cf:44:46:c9:a7:52:ea:19:84:38:62:19
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            c3:eb:f6:54:20:22:fd:ec:45:12:f2:4b:a5:03:a3:dd
        Signature Algorithm: ecdsa-with-SHA384
        Issuer: CN=NVIDIA Reference Value L3 GH100 002, O=NVIDIA Corporation, C=US
        Validity
            Not Before: Oct 31 00:00:00 2023 GMT
            Not After : Oct 31 00:00:00 2026 GMT
        Subject: CN=NVIDIA OCSP Responder L3 GH100 002, O=NVIDIA Corporation, C=US
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (384 bit)
                pub:
                    04:a2:cd:f3:76:5f:a2:51:f4:e2:0e:74:47:81:9a:
                    71:3f:85:e8:96:ba:02:4a:a5:a4:8e:90:4c:fc:45:
                    40:75:e1:d3:c9:48:89:bf:c4:d7:8c:b5:1d:9f:39:
                    d2:93:4d:56:12:75:0d:d7:5f:e6:0e:4b:59:21:05:
                    41:69:e7:ec:7a:8b:4d:eb:eb:df:6f:fd:31:f4:4e:
                    22:1e:3e:ab:17:67:e0:24:de:c7:9f:17:5e:60:f9:
                    0a:3b:ad:1f:2e:cb:75
                ASN1 OID: secp384r1
                NIST CURVE: P-384
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage: critical
                OCSP Signing
            OCSP No Check: 

            X509v3 Subject Key Identifier: 
                9C:88:E9:C0:64:BB:5D:E7:72:D4:D9:C4:94:E5:F7:60:BE:5E:1D:A0
            X509v3 Authority Key Identifier: 
                2D:3E:1F:E0:26:72:EE:00:BF:A9:6C:52:AE:5E:63:14:C1:A1:FE:1C
    Signature Algorithm: ecdsa-with-SHA384
    Signature Value:
        30:65:02:31:00:ca:ba:4a:4f:17:33:c2:dc:2c:5d:2c:84:c0:
        a5:55:29:8e:0f:c0:84:a7:2c:6d:ef:00:3a:a0:43:44:a1:dc:
        ed:74:87:e3:68:80:83:f3:f5:bd:d4:e7:6e:e4:8e:fe:41:02:
        30:0c:db:61:a7:c4:85:c7:f3:cc:76:3d:34:79:b1:70:89:1f:
        a8:c7:e5:d0:36:af:94:34:98:dd:1a:d2:48:e0:52:65:49:37:
        05:f6:66:44:5a:95:d8:c8:71:0f:8b:c3:53
-----BEGIN CERTIFICATE-----
MIICdzCCAf2gAwIBAgIRAMPr9lQgIv3sRRLyS6UDo90wCgYIKoZIzj0EAwMwWDEs
MCoGA1UEAwwjTlZJRElBIFJlZmVyZW5jZSBWYWx1ZSBMMyBHSDEwMCAwMDIxGzAZ
BgNVBAoMEk5WSURJQSBDb3Jwb3JhdGlvbjELMAkGA1UEBhMCVVMwIhgPMjAyMzEw
MzEwMDAwMDBaGA8yMDI2MTAzMTAwMDAwMFowVzErMCkGA1UEAwwiTlZJRElBIE9D
U1AgUmVzcG9uZGVyIEwzIEdIMTAwIDAwMjEbMBkGA1UECgwSTlZJRElBIENvcnBv
cmF0aW9uMQswCQYDVQQGEwJVUzB2MBAGByqGSM49AgEGBSuBBAAiA2IABKLN83Zf
olH04g50R4GacT+F6Ja6AkqlpI6QTPxFQHXh08lIib/E14y1HZ850pNNVhJ1Dddf
5g5LWSEFQWnn7HqLTevr32/9MfROIh4+qxdn4CTex58XXmD5CjutHy7LdaOBhzCB
hDAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIHgDAWBgNVHSUBAf8EDDAKBggrBgEF
BQcDCTAPBgkrBgEFBQcwAQUEAgUAMB0GA1UdDgQWBBSciOnAZLtd53LU2cSU5fdg
vl4doDAfBgNVHSMEGDAWgBQtPh/gJnLuAL+pbFKuXmMUwaH+HDAKBggqhkjOPQQD
AwNoADBlAjEAyrpKTxczwtwsXSyEwKVVKY4PwISnLG3vADqgQ0Sh3O10h+NogIPz
9b3U527kjv5BAjAM22GnxIXH88x2PTR5sXCJH6jH5dA2r5Q0mN0a0kjgUmVJNwX2
ZkRaldjIcQ+Lw1M=
-----END CERTIFICATE-----
nvidiacert.txt: good
	This Update: Sep 11 05:56:09 2024 GMT
	Next Update: Sep 12 05:56:09 2024 GMT