
Response caching

This article describes response caching used in Nexus OCSP Responder.

Some certificates are queried more often than others. Nexus OCSP Responder has powerful caching mechanisms to reduce workload, latency and network bandwidth.

In this example, all responses produced for the ACME TrustCenter CA are cached for 2 minutes, and those produced for Bank X are cached for 30 seconds. The right values for these settings depend on your security policies and practices.

Example:

Specify as follows in the OCSP responder section of the OCSP configuration file:

responder.1.type=cached

Specify as follows in the Back end client section of the OCSP configuration file:

ocsp.client.request.usecache=true

Specify as follows in the OCSP response cache section of the OCSP configuration file:

ocsp.cache.enable=true
ocsp.cache.contents.1.issuermatch=cn=CA01,o=Acme*
ocsp.cache.contents.1.expiresafter=PT1M
ocsp.cache.contents.2.issuermatch=*o=Bank X,*
ocsp.cache.contents.2.expiresafter=PT30S
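
When reviewing these settings against a revocation policy, it helps to see which rule covers a given issuer and how long a cached status can lag behind a revocation. The following is an added example, not Nexus code: it parses the cache properties shown above and reports that window per issuer. The matching semantics ("*" as a wildcard, case-insensitive comparison, lowest-numbered matching rule wins), the assumption that a cached response is served until it expires, and the issuer DNs used with it are assumptions, not documented Nexus behaviour.

```python
import re
from datetime import timedelta
from fnmatch import fnmatchcase

# Constructed sample: the cache settings from this page, one property per line.
CONFIG = """\
ocsp.cache.enable=true
ocsp.cache.contents.1.issuermatch=cn=CA01,o=Acme*
ocsp.cache.contents.1.expiresafter=PT1M
ocsp.cache.contents.2.issuermatch=*o=Bank X,*
ocsp.cache.contents.2.expiresafter=PT30S
"""
_DURATION = re.compile(r"^PT(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?$")
_RULE_KEY = re.compile(r"^ocsp\.cache\.contents\.(\d+)\.(issuermatch|expiresafter)$")

def parse_duration(text):
    """Parse the time-only ISO 8601 durations used above (PT1M, PT30S)."""
    m = _DURATION.match(text.strip())
    if not m or not any(m.groups()):
        raise ValueError(f"unsupported duration: {text!r}")
    hours, minutes, seconds = (int(g or 0) for g in m.groups())
    return timedelta(hours=hours, minutes=minutes, seconds=seconds)

def load_rules(config):
    """Return [(index, pattern, lifetime)] by rule index; [] if the cache is off."""
    props = dict(l.split("=", 1) for l in config.splitlines() if "=" in l)
    if props.get("ocsp.cache.enable", "false").strip().lower() != "true":
        return []
    rules = {}
    for key, value in props.items():
        m = _RULE_KEY.match(key.strip())
        if m:
            rules.setdefault(int(m.group(1)), {})[m.group(2)] = value.strip()
    for idx, rule in rules.items():  # a half-defined rule is an error, not a no-op
        if len(rule) != 2:
            raise ValueError(f"cache rule {idx} is incomplete")
    return [(i, r["issuermatch"], parse_duration(r["expiresafter"]))
            for i, r in sorted(rules.items())]

def max_staleness(issuer_dn, rules):
    """Longest time a cached status for this issuer can lag behind a revocation.

    Assumed semantics: '*' is a wildcard, matching ignores case, and the
    lowest-numbered matching rule wins. None means no rule caches the issuer.
    """
    for _, pattern, lifetime in rules:
        if fnmatchcase(issuer_dn.lower(), pattern.lower()):
            return lifetime
    return None
```

Under these assumed semantics, the trailing comma in the second pattern means an issuer DN that ends in "o=Bank X" with no further component is not matched, so its responses would not be cached.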


Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.