When you configure OCSP certificate revocation checking, Horizon 7 sends a request to an OCSP Responder to determine the revocation status of a specific user certificate. Horizon 7 uses an OCSP signing certificate to verify that the responses it receives from the OCSP Responder are genuine.

If the user certificate is revoked and smart card authentication is optional, the Enter your user name and password dialog box appears and the user must provide a password to authenticate. If smart card authentication is required, the user receives an error message and is not allowed to authenticate.

Horizon 7 falls back to CRL checking if it does not receive a response from the OCSP Responder or if the response is invalid.