This thread was closed and archived. Please ask a new question if you need help.

Can we intercept OCSP URI to our local OCSP server at runtime


locking as a duplicate of https://support.mozilla.org/en-US/questions/1165697


Hi, I need some help here. As we know, Firefox supports OCSP for certificate revocation checks. Suppose I have the CA certificate of an organization, and in that cert's AIA attribute they have set their own OCSP URI. Is it possible that we have the CRL file of that CA certificate hosted on my local server, and at run time, when the certificate handshake happens before communication, according to the OCSP protocol whatever OCSP URI is provided in the certificate is used to check cert revocation online? I want to know whether, at run time, we can redirect that OCSP call to my local server for revocation, so that it won't go to the original URI, or you can say it should not go outside of my server, and it will check revocation locally on my server without tampering with the certificate's OCSP URI. Please help here; it's really urgent for me to know this, and if this is possible I need help with the implementation.

Many thanks.


Modified by the-edmeister