The Online Certificate Status Manager is an optional subsystem that acts as an OCSP service. Although the Certificate Manager is configured with an internal OCSP service, an external OCSP responder is offered as a separate subsystem to provide OCSP service outside a firewall while the Certificate Manager resides inside a firewall or to balance the load of requests on the Certificate Manager.

The Online Certificate Status Manager performs the task of an online certificate validation authority by enabling OCSP-compliant clients to verify certificate status. (An online certificate-validation authority is often referred to as an OCSP responder.) The Online Certificate Status Manager can also receive CRLs from multiple Certificate Managers, and clients can query the Online Certificate Status Manager for the revocation status of certificates issued by all the Certificate Managers.

When an OCSP responder is set up with a Certificate Manager, and publishing is set up to the OCSP responder, CRLs are published to the OCSP responder when they are issued or updated.