An organization needs to check the status of a certificate to see if it has been revoked. They only want to check the status of this one certificate. What should they use to do this most efficiently?
The Online Certificate Status Protocol (OCSP) is an Internet protocol through which the revocation status of a certificate can be obtained. OCSP allows the revocation status of a single certificate to be queried, whereas a certificate revocation list (CRL) only returns the full list of revoked certificates. Because of this, a CRL can be quite large and cumbersome to process when only one certificate needs to be checked.
Wikipedia
The Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate. It is described in RFC 6960 and is on the Internet standards track. It was created as an alternative to certificate revocation lists (CRL), specifically addressing certain problems associated with using CRLs in a public key infrastructure (PKI). Messages communicated via OCSP are encoded in ASN.1 and are usually communicated over HTTP. The "request/response" nature of these messages leads to OCSP servers being termed OCSP responders.
Some web browsers (e.g., Firefox) use OCSP to validate HTTPS certificates, while others have disabled it. Most OCSP revocation statuses on the Internet disappear soon after certificate expiration.