API Documentation#
OCSP service provides real time verification of the status of NVIDIA device identity certificates.
OCSP Endpoint: https://ocsp.ndis.nvidia.com
OCSP query can be performed using openssl as below:
openssl ocsp -noverify -no_nonce -respout ocspresponse.resp -reqout ocsprequest.req -issuer nvidiacertchain.pem -cert nvidiacert.pem -url "https://ocsp.ndis.nvidia.com" -text
OCSP Certificate Status API request and response require the below details:
An OCSP request contains the following data:
protocol version
service request
target certificate identifier
optional extensions, which MAY be processed by the OCSP responder
nonce
An OCSP response contains the following data:
version of the response syntax
identifier of the responder
time when the response was generated
responses for each of the certificates in a request
optional extensions
signature algorithm OID
signature computed across a hash of the response
The response for each of the certificates in a request consists of:
target certificate identifier
certificate status value
response validity interval
optional extensions
This specification defines the following definitive response indicators for use in the certificate status value:
good
revoked
unknown
Example output
OCSP Request Data:
Version: 1 (0x0)
Requestor List:
Certificate ID:
Hash Algorithm: sha1
Issuer Name Hash: 27C00D8DAB68F465BD71258DADD158A30B5C99F0
Issuer Key Hash: 2D3E1FE02672EE00BFA96C52AE5E6314C1A1FE1C
Serial Number: 860BEA704EB340D4
OCSP Response Data:
OCSP Response Status: successful (0x0)
Response Type: Basic OCSP Response
Version: 1 (0x0)
Responder Id: 9C88E9C064BB5DE772D4D9C494E5F760BE5E1DA0
Produced At: Sep 11 05:56:09 2024 GMT
Responses:
Certificate ID:
Hash Algorithm: sha1
Issuer Name Hash: 27C00D8DAB68F465BD71258DADD158A30B5C99F0
Issuer Key Hash: 2D3E1FE02672EE00BFA96C52AE5E6314C1A1FE1C
Serial Number: 860BEA704EB340D4
Cert Status: good
This Update: Sep 11 05:56:09 2024 GMT
Next Update: Sep 12 05:56:09 2024 GMT
Signature Algorithm: ecdsa-with-SHA384
Signature Value:
30:65:02:30:2b:6b:cf:67:cc:50:b1:9e:2e:79:fd:d2:3c:f7:
87:57:33:85:b3:ea:f6:f6:20:e6:f3:63:c9:29:c7:3f:3b:98:
cc:47:19:82:f1:41:a7:08:68:ff:37:26:e7:d0:ef:b7:02:31:
00:ff:dd:28:b3:c2:6a:10:4a:1f:92:9d:b7:84:8f:af:71:e2:
12:59:a5:6e:2b:d3:bf:44:cc:56:44:a2:65:42:89:28:95:96:
89:cf:44:46:c9:a7:52:ea:19:84:38:62:19
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
c3:eb:f6:54:20:22:fd:ec:45:12:f2:4b:a5:03:a3:dd
Signature Algorithm: ecdsa-with-SHA384
Issuer: CN=NVIDIA Reference Value L3 GH100 002, O=NVIDIA Corporation, C=US
Validity
Not Before: Oct 31 00:00:00 2023 GMT
Not After : Oct 31 00:00:00 2026 GMT
Subject: CN=NVIDIA OCSP Responder L3 GH100 002, O=NVIDIA Corporation, C=US
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:a2:cd:f3:76:5f:a2:51:f4:e2:0e:74:47:81:9a:
71:3f:85:e8:96:ba:02:4a:a5:a4:8e:90:4c:fc:45:
40:75:e1:d3:c9:48:89:bf:c4:d7:8c:b5:1d:9f:39:
d2:93:4d:56:12:75:0d:d7:5f:e6:0e:4b:59:21:05:
41:69:e7:ec:7a:8b:4d:eb:eb:df:6f:fd:31:f4:4e:
22:1e:3e:ab:17:67:e0:24:de:c7:9f:17:5e:60:f9:
0a:3b:ad:1f:2e:cb:75
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage: critical
OCSP Signing
OCSP No Check:
X509v3 Subject Key Identifier:
9C:88:E9:C0:64:BB:5D:E7:72:D4:D9:C4:94:E5:F7:60:BE:5E:1D:A0
X509v3 Authority Key Identifier:
2D:3E:1F:E0:26:72:EE:00:BF:A9:6C:52:AE:5E:63:14:C1:A1:FE:1C
Signature Algorithm: ecdsa-with-SHA384
Signature Value:
30:65:02:31:00:ca:ba:4a:4f:17:33:c2:dc:2c:5d:2c:84:c0:
a5:55:29:8e:0f:c0:84:a7:2c:6d:ef:00:3a:a0:43:44:a1:dc:
ed:74:87:e3:68:80:83:f3:f5:bd:d4:e7:6e:e4:8e:fe:41:02:
30:0c:db:61:a7:c4:85:c7:f3:cc:76:3d:34:79:b1:70:89:1f:
a8:c7:e5:d0:36:af:94:34:98:dd:1a:d2:48:e0:52:65:49:37:
05:f6:66:44:5a:95:d8:c8:71:0f:8b:c3:53
-----BEGIN CERTIFICATE-----
MIICdzCCAf2gAwIBAgIRAMPr9lQgIv3sRRLyS6UDo90wCgYIKoZIzj0EAwMwWDEs
MCoGA1UEAwwjTlZJRElBIFJlZmVyZW5jZSBWYWx1ZSBMMyBHSDEwMCAwMDIxGzAZ
BgNVBAoMEk5WSURJQSBDb3Jwb3JhdGlvbjELMAkGA1UEBhMCVVMwIhgPMjAyMzEw
MzEwMDAwMDBaGA8yMDI2MTAzMTAwMDAwMFowVzErMCkGA1UEAwwiTlZJRElBIE9D
U1AgUmVzcG9uZGVyIEwzIEdIMTAwIDAwMjEbMBkGA1UECgwSTlZJRElBIENvcnBv
cmF0aW9uMQswCQYDVQQGEwJVUzB2MBAGByqGSM49AgEGBSuBBAAiA2IABKLN83Zf
olH04g50R4GacT+F6Ja6AkqlpI6QTPxFQHXh08lIib/E14y1HZ850pNNVhJ1Dddf
5g5LWSEFQWnn7HqLTevr32/9MfROIh4+qxdn4CTex58XXmD5CjutHy7LdaOBhzCB
hDAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIHgDAWBgNVHSUBAf8EDDAKBggrBgEF
BQcDCTAPBgkrBgEFBQcwAQUEAgUAMB0GA1UdDgQWBBSciOnAZLtd53LU2cSU5fdg
vl4doDAfBgNVHSMEGDAWgBQtPh/gJnLuAL+pbFKuXmMUwaH+HDAKBggqhkjOPQQD
AwNoADBlAjEAyrpKTxczwtwsXSyEwKVVKY4PwISnLG3vADqgQ0Sh3O10h+NogIPz
9b3U527kjv5BAjAM22GnxIXH88x2PTR5sXCJH6jH5dA2r5Q0mN0a0kjgUmVJNwX2
ZkRaldjIcQ+Lw1M=
-----END CERTIFICATE-----
nvidiacert.txt: good
This Update: Sep 11 05:56:09 2024 GMT
Next Update: Sep 12 05:56:09 2024 GMT
End-user License Agreement#
Users who use NVIDIA Attestation Cloud Services or the NVIDIA Trust software components, without an Enterprise Product license may exercise the software and services solely for the purposes of development of a computing service, not a commercial offering/ redistribution. A commercial Enterprise Product license must be obtained before offering the software within a paid commercial service. Please see the End-user License Agreement for more information on data collection.
Product-Specific Terms#
In addition to the End-user License Agreement, users are also subject to the Product-Specific Terms for Computing. Please review the Product Specific Terms for more information.
Support#
For support, contact us at attestation-support@nvidia.com