diff --git a/src/file_analysis/analyzer/ocsp/OCSP.cc b/src/file_analysis/analyzer/ocsp/OCSP.cc
index d0b1a62f90..df0dbc5599 100644
--- a/src/file_analysis/analyzer/ocsp/OCSP.cc
+++ b/src/file_analysis/analyzer/ocsp/OCSP.cc
@@ -411,7 +411,8 @@ RecordVal *file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val)
 OCSP_BASICRESP *basic_resp = NULL;
 OCSP_RESPDATA *resp_data = NULL;
 OCSP_RESPID *resp_id = NULL;
- OCSP_SINGLERESP *single_resp = NULL;
+ OCSP_SINGLERESP *single_resp = NULL;
+ OCSP_REVOKEDINFO *revoked_info = NULL;
 //OCSP_CERTSTATUS *cst = NULL;
 //OCSP_REVOKEDINFO *rev = NULL;
@@ -495,8 +496,31 @@ RecordVal *file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val)
 ocsp_fill_cert_id(cert_id, single_resp_bro);
 //certStatus
- const char *cert_status_str = OCSP_cert_status_str(single_resp->certStatus->type);
- single_resp_bro->Assign(4, new StringVal(strlen(cert_status_str), cert_status_str));
+ string cert_status_str = OCSP_cert_status_str(single_resp->certStatus->type);
+ string revoke_reason = "";
+ string revoke_time = "";
+
+ //add revocation time and reason if it is revoked
+ if (single_resp->certStatus->type == V_OCSP_CERTSTATUS_REVOKED)
+ {
+ revoked_info = single_resp->certStatus->value.revoked;
+ len = -1;
+ len = ASN1_GENERALIZEDTIME_to_cstr(buf, buf_len, (void *)(revoked_info->revocationTime));
+ if (len > 0)
+ revoke_time.assign((const char *)buf, len);
+
+ if (revoked_info->revocationReason)
+ {
+ long l = ASN1_ENUMERATED_get(revoked_info->revocationReason);
+ revoke_reason = OCSP_crl_reason_str(l);
+ }
+ }
+ if (revoke_time.length() > 0)
+ cert_status_str += " " + revoke_time;
+ if (revoke_reason.length() > 0)
+ cert_status_str += " " + revoke_reason;
+
+ single_resp_bro->Assign(4, new StringVal(cert_status_str.length(), cert_status_str.c_str()));
 //thisUpdate
 len = -1;
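Review bot: `revoked_info = single_resp->certStatus->value.revoked;` is followed by an unguarded dereference of `revoked_info->revocationTime`, while the only NULL check in the new block is on `revocationReason`; this data is parsed from the wire, so wrapping the two reads in `if (revoked_info)` mirrors the existing guard at negligible cost (OpenSSL's decoder is expected to populate the CHOICE member for a REVOKED status, but the analyzer need not rely on that). The `len = -1;` immediately before `len = ASN1_GENERALIZEDTIME_to_cstr(...)` is dead, since the call overwrites it unconditionally, and can be dropped. Packing the revocation time and reason into the single certStatus string (`revoked 20150514145849Z superseded` in the new baseline) forces consumers to split the field on spaces, and a reason code outside OpenSSL's table is logged only as `(UNKNOWN)` with the numeric value lost; separate record fields, with the raw code kept when the string lookup fails, would be the cleaner shape if the record type can change. `string revoke_reason = "";` and `string revoke_time = "";` can be plain `string revoke_reason;` declarations. ParseResponse starts and ends outside the hunk.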
diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.ocsp-revoked/ocsp.log b/testing/btest/Baseline/scripts.base.protocols.ssl.ocsp-revoked/ocsp.log
new file mode 100644
index 0000000000..8876f251e7
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.ssl.ocsp-revoked/ocsp.log
@@ -0,0 +1,13 @@
+#separator \x09
+#set_separator ,
+#empty_field (empty)
+#unset_field -
+#path ocsp
+#open 2015-07-31-20-35-18
+#fields ts cid.orig_h cid.orig_p cid.resp_h cid.resp_p cuid certId.hashAlgorithm certId.issuerNameHash certId.issuerKeyHash certId.serialNumber req.id req.version req.requestorName req.index resp_ts resp.id resp.responseStatus resp.responseType resp.version resp.responderID resp.producedAt resp.index resp.certStatus resp.thisUpdate resp.nextUpdate method
+#types time addr port addr port string string string string string string count string count time string string string count string string count string string string string
+1438374032.518621 192.168.6.109 41812 23.5.251.27 80 CXWv6p3arKYeMETxOg sha1 74241467069FF5E0983F5E3E1A6BA0652A541575 0159ABE7DD3A0B59A66463D6CF200757D591E76A 010BF45E184C4169AB61B41168DF802E FDsgjS1bTYOzDpRJT4 0 - 1 1438374032.607628 Ftl4F41OsGtUDrOTWc successful Basic OCSP Response 0 F6215E926EB3EC41FE08FC25F09FB1B9A0344A10 20150707162834Z 1 revoked 20150514145849Z superseded 20150707162834Z 20150929011242Z POST
+1438374032.650255 192.168.6.109 41813 23.5.251.27 80 CjhGID4nQcgTWjvg4c sha1 74241467069FF5E0983F5E3E1A6BA0652A541575 0159ABE7DD3A0B59A66463D6CF200757D591E76A 013D34BFD6348EBA231D6925768ACD87 F5Tv7Z16QkNApNg0yl 0 - 1 1438374032.732035 FXISxH2UuTiDn0qCa1 successful Basic OCSP Response 0 F6215E926EB3EC41FE08FC25F09FB1B9A0344A10 20150707212334Z 1 revoked 20150127203801Z unspecified 20150707212334Z 20150930071359Z POST
+1438374032.759133 192.168.6.109 41814 23.5.251.27 80 CCvvfg3TEfuqmmG4bh sha1 74241467069FF5E0983F5E3E1A6BA0652A541575 0159ABE7DD3A0B59A66463D6CF200757D591E76A 0150C0C06D53F9D39205D84EFB5F2BA4 FGzVem3KYelVVdAze 0 - 1 1438374032.848522 F3OYfx3A0JvMX787V3 successful Basic OCSP Response 0 F6215E926EB3EC41FE08FC25F09FB1B9A0344A10 20150707030344Z 1 revoked 20150528055348Z (UNKNOWN) 20150707030344Z 20150928205739Z POST
+1438374032.875001 192.168.6.109 41815 23.5.251.27 80 CsRx2w45OKnoww6xl4 sha1
74241467069FF5E0983F5E3E1A6BA0652A541575 0159ABE7DD3A0B59A66463D6CF200757D591E76A 017447CB30072EE15B9C1B057B731C5A FbmX4PpDIRU82YGK8 0 - 1 1438374033.033504 FVty9v3KTnCvbg0Xf2 successful Basic OCSP Response 0 F6215E926EB3EC41FE08FC25F09FB1B9A0344A10 20150708020344Z 1 revoked 20150117113259Z keyCompromise 20150708020344Z 20150928165507Z POST +#close 2015-07-31-20-35-18 diff --git a/testing/btest/Traces/tls/ocsp-revoked.pcap b/testing/btest/Traces/tls/ocsp-revoked.pcap new file mode 100644 index 0000000000..a2cd4509ad Binary files /dev/null and b/testing/btest/Traces/tls/ocsp-revoked.pcap differ diff --git a/testing/btest/scripts/base/protocols/ssl/ocsp-revoked.test b/testing/btest/scripts/base/protocols/ssl/ocsp-revoked.test new file mode 100644 index 0000000000..3b3bf0a61b --- /dev/null +++ b/testing/btest/scripts/base/protocols/ssl/ocsp-revoked.test @@ -0,0 +1,4 @@ +# This tests a OCSP request missing response + +# @TEST-EXEC: bro -C -r $TRACES/tls/ocsp-revoked.pcap %INPUT +# @TEST-EXEC: btest-diff ocsp.log
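Review bot: The header comment `# This tests a OCSP request missing response` does not describe this test, which replays ocsp-revoked.pcap and diffs ocsp.log against a baseline in which every response carries a revoked cert status with a revocation time and reason; it reads like a copy from another test. Suggest `# This tests OCSP responses with a revoked certStatus (revocation time and reason are appended to the status field)` so the baseline's `revoked <time> <reason>` layout is explained where a reader will look for it.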