OCSP responder itself is not necessary for proper functioning of X.509 infrastructure. It can, on the other hand, improve security of a system by allowing the users or services provided to users to perform an *on-line* verification of certificate's validity.
Still, it should be noted that OCSP responder by itself does not guarantee that the data it uses is fresh. This kind of guarantee must be made through external mechanisms which usually supply the OCSP responder software with the necessary data. This can include proper synchronisation of databases the OCSP uses etc.
OCSP responder can be implemented through one of the following applications:
- EJBCA