This article describes response caching used in Nexus OCSP Responder.

Some certificates are queried more often than others. Nexus OCSP Responder has powerful caching mechanisms to reduce workload, latency and network bandwidth.

In this example, all responses produced for the ACME TrustCenter CA are cached for 2 minutes, and those produced for Bank X are cached for 30 seconds. The choice of these settings depends on your security policies and practices.

Example:

Specify as follows in the OCSP responder section of the OCSP configuration file:

Code Block
responder.1.type=cached

Specify as follows in the Back end client section of the OCSP configuration file:

Code Block
ocsp.client.request.usecache=true

Specify as follows in the OCSP response cache section of the OCSP configuration file:

Code Block
ocsp.cache.enable=true
ocsp.cache.contents.1.issuermatch=cn=CA01,o=Acme*
ocsp.cache.contents.1.expiresafter=PT1M
ocsp.cache.contents.2.issuermatch=*o=Bank X,*
ocsp.cache.contents.2.expiresafter=PT30S
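
A cached response can keep reporting a certificate as good for up to expiresafter after it has been revoked, so the configured lifetimes are worth checking against policy. The following is an added example, not part of the Nexus product or its documentation: it parses the cache section shown above, converts each expiresafter value to seconds and lists rules that exceed a policy limit. The function names are hypothetical, and the matching in ttl_for_issuer (case-insensitive, "*" as wildcard, lowest index wins) is an assumption about how issuermatch is evaluated.

```python
import re

# Constructed sample: the OCSP response cache section from the example above.
SAMPLE = """\
ocsp.cache.enable=true
ocsp.cache.contents.1.issuermatch=cn=CA01,o=Acme*
ocsp.cache.contents.1.expiresafter=PT1M
ocsp.cache.contents.2.issuermatch=*o=Bank X,*
ocsp.cache.contents.2.expiresafter=PT30S
"""

_DURATION = re.compile(r"^PT(?=\d)(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?$")
_ENTRY = re.compile(r"^ocsp\.cache\.contents\.(\d+)\.(issuermatch|expiresafter)$")

def duration_seconds(value):
    """Convert an ISO 8601 time duration (PTnHnMnS, integers only) to seconds."""
    m = _DURATION.match(value.strip())
    if not m:
        raise ValueError(f"unsupported duration: {value!r}")
    hours, minutes, seconds = (int(g or 0) for g in m.groups())
    return hours * 3600 + minutes * 60 + seconds

def parse_cache_rules(text):
    """Return (enabled, [(index, issuermatch, ttl_seconds), ...]) ordered by index."""
    enabled, found = False, {}
    for line in text.splitlines():
        # Split on the first '=' only: issuermatch values contain '=' themselves.
        key, _, value = line.strip().partition("=")
        if key == "ocsp.cache.enable":
            enabled = value.strip().lower() == "true"
        elif (m := _ENTRY.match(key)):
            found.setdefault(int(m.group(1)), {})[m.group(2)] = value.strip()
    rules = []
    for idx in sorted(found):
        entry = found[idx]
        if len(entry) != 2:
            raise ValueError(f"cache rule {idx} lacks issuermatch or expiresafter")
        rules.append((idx, entry["issuermatch"], duration_seconds(entry["expiresafter"])))
    return enabled, rules

def over_policy(rules, max_ttl_seconds):
    """Rules whose cache lifetime is longer than the policy allows."""
    return [rule for rule in rules if rule[2] > max_ttl_seconds]

def ttl_for_issuer(rules, issuer_dn):
    """ASSUMPTION: '*' matches any run of characters, case-insensitive, lowest index wins."""
    for _, pattern, ttl in rules:
        if re.fullmatch(".*".join(map(re.escape, pattern.split("*"))), issuer_dn, re.I):
            return ttl
    return None
```
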
