Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
This article provides installation requirements and interoperability data for Nexus OCSP Responder.
Requirements
Expand | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||
Nexus OCSP Responder scales well with a server of multiple cores. More memory can be required when many logical responders are hosted in a single server instance and large CRLs are loaded by the responder. For load tests, also consider the HSM performance to not introduce a bottle-neck. Performance is affected by the Nexus OCSP Responder signing key length. |
Expand | ||
---|---|---|
| ||
The following operating systems are supported:
|
Expand | ||
---|---|---|
| ||
The following software is supported:
|
Expand | ||
---|---|---|
| ||
It is important that all participants in a PKI use the same time standard. Specifically Nexus OCSP Responder has to agree on the time with the CAs issuing CRLs/CILs and with the OCSP clients. Make sure these clocks are synchronized, that is, the participants are using a synchronization protocol such as Network Time Protocol, NTP. |
Interoperability
Expand | ||
---|---|---|
| ||
A PKCS#11 compliant device can be used for handling of CA key pairs, system keys, protection of archived keys, and for key generation. For functional specifications, known issues and limitations related to current PKCS#11 drivers, see each HSM vendor’s web site. The following devices are explicitly verified for Certificate Manager and for Nexus OCSP Responder:
|
Expand | ||
---|---|---|
| ||
The following key types and corresponding signature algorithms in certificate, CA, CRL, CIL, and responder certificate are supported: Key types
Algorithms
|
This article includes updates for Nexus OCSP Responder 6.2.6.