Page Comparison

...

Info
This article is valid for Nexus OCSP Responder 6.2.2 and later.

This article describes how to configure Nexus OCSP Responder to validate a certificate. This is done in the "Validation" section of the Nexus OCSP Responder configuration file. Certificates can be validated by checking for revocation data locally in a CRL (Certificate Revocation List) or (if enabled) in a CIL (Certificate Issuance List) cache or by forwarding the request to a remote OCSP responder.

...

Expand

title	Specify providers for the validators

For each validator:

Specify at least one provider to keep the CRL cache constantly up-to-date. This can be done by pull or push methods:
- type=pull - Periodically polling a directory for new CRL versions. Note that pull is not available for CILs.
- type=push - Waiting for incoming CRLs/CILs, pushed from a CA, for example, Nexus Certificate Manager.

For each provider, specify as follows in the OCSP configuration file:

Code Block
ocsp.validation.<v#>.provider.<p#>.type=[pull\|push]

Description of constants and values:

Constants and Values	Description
`<v#>`	Replace `<v#>` with the validator sequence number.
`<p#>`	Replace `<p#>` with the provider sequence number.
pull \| push	Enter `pull` to indicate that the provider shall fetch CRL information. See Configure CRL provider type Pull for additional specifications. Enter `push` to indicate that the provider shall listen for CRL/CIL information. See Configure CRL/CIL provider type Push for additional specifications.

CRL providers with type=pull are not available for CILs.

...

Versions Compared

Old Version 5

New Version 6

Key