Diploma Thesis 2003 (DA03): Thesis Archive
 
DA Sna 03/1 - Online Certificate Status Protocol for Linux FreeS/WAN
Students: Christoph Gysin, gysinchr
  Simon Zwahlen, zwahlsim

Supervisor: Andreas Steffen, sna

FreeS/WAN is a free implementation of IPsec for Linux that allows encrypted tunnels to be built across any IP-based network. For the case where a certificate is revoked before it expires, certificate revocation lists (CRLs) provide a mechanism for maintaining the current status of certificates. In large environments, however, a CRL can quickly grow to a considerable size. With OCSP there is now a protocol for querying the status of individual X.509 certificates. Using OCSP avoids the additional load on the network caused by distributing CRLs while keeping the certificate status information up to date.

This diploma thesis includes an analysis of the structure of FreeS/WAN and the implementation of a standards-conformant OCSP client. During the design phase, the need for a cache of valid responses became apparent. Based on this concept, OCSP client functionality was integrated into FreeS/WAN. Since the implementation took less time than planned, additional features were implemented, and more time was spent on details and on a comprehensive test. If a FreeS/WAN gateway now receives a certificate containing the address of an OCSP server, it queries that server for the certificate's current status. Based on the response, the gateway can decide whether or not the connection with the client should be allowed. To minimize the delay caused by the OCSP request, our implementation includes a cache that temporarily stores received responses; the OCSP server updates the cache entries periodically. With this diploma thesis there now exists a standards-conformant OCSP client for FreeS/WAN, which can be used in conjunction with the recently released OpenSSL OCSP server.