Response caching
This article describes response caching used in Nexus OCSP Responder.
Some certificates are queried more often than others. Nexus OCSP Responder provides caching mechanisms to reduce workload, latency and network bandwidth.
In this example, all responses produced for the ACME TrustCenter CA are cached for 2 minutes, and those produced for Bank X are cached for 30 seconds. The right values depend on your security policies and practices.
Example:
Specify as follows in the OCSP responder section of the OCSP configuration file:
responder.1.type=cached
Specify as follows in the Back end client section of the OCSP configuration file:
ocsp.client.request.usecache=true
Specify as follows in the OCSP response cache section of the OCSP configuration file:
ocsp.cache.enable=true
ocsp.cache.contents.1.issuermatch=cn=CA01,o=Acme*
ocsp.cache.contents.1.expiresafter=PT1M
ocsp.cache.contents.2.issuermatch=*o=Bank X,*
ocsp.cache.contents.2.expiresafter=PT30S
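Because a cached response can be served until it expires, the expiresafter values are worth checking against the revocation-latency limit in your policy. The following is an added example, not Nexus code or tooling: it reads the cache settings shown above and reports rules that cache longer than a ceiling. It assumes plain key=value lines with # comments and that rules are ignored when ocsp.cache.enable is not true; the max_age ceiling and the function names are hypothetical.

```python
import re
from datetime import timedelta

# Constructed sample: the cache settings shown on this page.
SAMPLE = """\
ocsp.cache.enable=true
ocsp.cache.contents.1.issuermatch=cn=CA01,o=Acme*
ocsp.cache.contents.1.expiresafter=PT1M
ocsp.cache.contents.2.issuermatch=*o=Bank X,*
ocsp.cache.contents.2.expiresafter=PT30S
"""
DURATION = re.compile(r"^P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$")
ENTRY = re.compile(r"^ocsp\.cache\.contents\.(\d+)\.(issuermatch|expiresafter)$")

def parse_duration(text):
    """Convert an ISO 8601 duration such as PT1M or PT30S; None if malformed."""
    m = DURATION.match(text.strip().upper())
    if not m or not any(m.groups()):
        return None
    days, hours, minutes, seconds = (int(g or 0) for g in m.groups())
    return timedelta(days=days, hours=hours, minutes=minutes, seconds=seconds)

def load_cache_rules(text):
    """Return (cache_enabled, {rule number: {setting: value}})."""
    enabled, rules = False, {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")  # DN values contain '='
        if not sep or key.startswith("#"):
            continue
        if key.strip() == "ocsp.cache.enable":
            enabled = value.strip().lower() == "true"
        elif (m := ENTRY.match(key.strip())):
            rules.setdefault(int(m.group(1)), {})[m.group(2)] = value.strip()
    return enabled, rules

def audit(text, max_age):
    """Return (rule number, reason) pairs; empty when the cache is disabled (assumption)."""
    enabled, rules = load_cache_rules(text)
    findings = []
    for n, rule in sorted(rules.items()) if enabled else []:
        age = parse_duration(rule.get("expiresafter", ""))
        if "issuermatch" not in rule or age is None:
            findings.append((n, "missing issuermatch or unusable expiresafter"))
        elif age > max_age:
            findings.append((n, f"{rule['issuermatch']} cached {age}, limit {max_age}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, max_age=timedelta(seconds=45)):
        print(finding)
```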
Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.