Notice that the OCSP response contains a nextUpdate field; OCSP responses may be cached and reused until that time has passed. Additionally, CAs are only required to publish the revocation (i.e. have the new OCSP response globally visible) within 24 hours of receiving a key compromise report (see BRs 4.9.1.1). So yes, it is fully expected and appropriate that you did not see the updated OCSP response immediately.
Aaron On Mon, Mar 16, 2026 at 9:38 AM Yuwei HAN (hanyuwei70) <[email protected]> wrote: > > For what it's worth, I guess you're talking about this key: > > https://x.com/realNyarime/status/2033428417488757122 > Yes. This is what I am talking about. > > > Sectigo ACME endpoint URL is: > > https://acme.sectigo.com/v2/keyCompromise > Thanks for your information, much help. > > When I was posting original post, I saw OCSP is responding ok(now it's > revoked). And I saw it is revoked at 2026-03-16 05:37:06 UTC. So is there a > gap between revocation and actual ocsp response? > > -- > You received this message because you are subscribed to the Google Groups " > [email protected]" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion visit > https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/0a3c8975-5878-4d06-ae64-2544799626f5n%40mozilla.org > <https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/0a3c8975-5878-4d06-ae64-2544799626f5n%40mozilla.org?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CAEmnErcUVe%3DUHeUo8jBsAurvYofFeybbi8%2BTFr-thkkw4PJpNA%40mail.gmail.com.
