Comment: OCSP 6.2.5 - updated intro text and added a link under related info.

This article describes how to specify the certificate cache used in Nexus OCSP Responder. This is done in the "Certificate cache" section of the Nexus OCSP Responder configuration file.

The certificate cache is a cache directory where "non-trusted" certificates (meaning all certificates except those for the trusted CAs) are stored. Each certificate is stored in a file of its own. After validation, all certificates that need a directory service lookup can be stored using a disk caching mechanism, so that Nexus OCSP Responder does not have to look them up in the directory service at the next request.

Specify cache directories for the certificates
  1. In the OCSP configuration file, specify the directories and size limits as follows:

    ocsp.certs.persistentdir=<directory>
    ocsp.certs.cachedir=<cache-directory>
    ocsp.certs.maxsize=<maxsize>[K|M|G]
    ocsp.certs.maxnum=<maxnum>[K|M|G]

    See this table for a description of the constants and values:

    Constants and Values | Description

    <directory>

    Replace <directory> with the path to the directory that should hold the persistent certificates.

    Default: certs/persist-cache

    This directory is used for intermediate CA certificates and remote OCSP responder certificates that must remain persistent in the cache. Copy those certificate files into this directory. At system restart, these certificates are read into the cache and remain there.

    <cache-directory>

    Replace <cache-directory> with the path to the directory where the non-persistent certificates will be saved. All certificate files in this directory will be read into the cache at system restart.

    Default: certs/cache

    <maxsize>

    Replace <maxsize> with the maximum size of the directory, in bytes. You can use K, M or G when you specify the size. K=1024, M=K^2 and G=K^3.

    Default: 10M

    <maxnum>

    Replace <maxnum> with the maximum number of certificates. You can use K, M or G when you specify the number. K=1000, M=K^2 and G=K^3.

    Default: 1K

    When the size limit is reached (in terms of memory or in number of certificates), the least recently used certificate will be replaced.
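
The following is an added example, not Nexus code: a small Python audit helper that resolves the four `ocsp.certs.*` settings to their effective values, using the defaults and the K/M/G multipliers from the table above (1024-based for `maxsize`, 1000-based for `maxnum`), and compares a cache directory's contents with those limits. It assumes the configuration file consists of plain `key=value` lines with `#` comments; the function names and the sample configuration are constructed for illustration.

```python
import os
import re

# Defaults as documented in the table above.
DEFAULTS = {
    "ocsp.certs.persistentdir": "certs/persist-cache",
    "ocsp.certs.cachedir": "certs/cache",
    "ocsp.certs.maxsize": "10M",
    "ocsp.certs.maxnum": "1K",
}
_LIMIT = re.compile(r"(\d+)([KMG]?)")

def expand(value, base):
    """Expand <n>[K|M|G]; base is 1024 for maxsize and 1000 for maxnum."""
    m = _LIMIT.fullmatch(value.strip())
    if not m:
        raise ValueError(f"invalid limit: {value!r}")
    return int(m.group(1)) * base ** " KMG".index(m.group(2) or " ")

def load_cache_settings(text):
    """Parse key=value lines (assumed format); unset keys keep their defaults."""
    raw = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in DEFAULTS:
            raw[key] = value
    raw["ocsp.certs.maxsize"] = expand(raw["ocsp.certs.maxsize"], 1024)
    raw["ocsp.certs.maxnum"] = expand(raw["ocsp.certs.maxnum"], 1000)
    return raw

def cache_usage(directory, settings):
    """Count certificate files and bytes in a directory and compare with the limits."""
    files = [e for e in os.scandir(directory) if e.is_file()]
    total = sum(e.stat().st_size for e in files)
    return {"files": len(files), "bytes": total,
            "over_maxnum": len(files) > settings["ocsp.certs.maxnum"],
            "over_maxsize": total > settings["ocsp.certs.maxsize"]}

# Constructed sample configuration, not taken from a real installation.
SAMPLE = """
ocsp.certs.cachedir=/var/lib/ocsp/cache
ocsp.certs.maxsize=2G
ocsp.certs.maxnum=50K
"""
```

A cache directory that sits at or above either limit means least recently used certificates are being replaced, so those certificates will need a directory service lookup again on their next request.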