When you configure OCSP certificate revocation checking, VMware Horizon sends a request to an OCSP Responder to determine the revocation status of a specific user certificate. VMware Horizon uses an OCSP signing certificate to verify that the responses it receives from the OCSP Responder are genuine.

If the user certificate is revoked and smart card authentication is optional, the Enter your user name and password dialog box appears and the user must provide a password to authenticate. If smart card authentication is required, the user receives an error message and is not allowed to authenticate.

VMware Horizon falls back to CRL checking if it does not receive a response from the OCSP Responder or if the response is invalid.