This article describes how to specify the certificate cache used in Nexus OCSP Responder. This is done in the "Certificate cache" section of the Nexus OCSP Responder configuration file.
The certificate cache is a cache directory where "non-trusted" certificates (meaning all certificates except those for the trusted CAs) are stored. Each certificate is stored in a file of its own. After validation, all certificates that need a directory service lookup can be stored using a disk caching mechanism, so that Nexus OCSP Responder does not search the directory service for those certificates at the next request.
Specify cache directories for the certificates
In the OCSP configuration file, specify directory and size as follows:
ocsp.certs.persistentdir=<directory>
ocsp.certs.cachedir=<cache-directory>
ocsp.certs.maxsize=<maxsize>[K|M|G]
ocsp.certs.maxnum=<maxnum>[K|M|G]
See this table for a description of the constants and values:

| Constants and Values | Description |
|---|---|
| <directory> | Replace <directory> with the path to the directory that should hold the persistent certificates. Default: certs/persist-cache. This directory is used for intermediate CA certificates and remote OCSP responder certificates that shall remain persistent in the cache. Copy those certificate files into this directory. At system restart these certificates are read into the cache and remain there. |
| <cache-directory> | Replace <cache-directory> with the path to the directory where the non-persistent certificates will be saved. All certificate files in this directory will be read into the cache at system restart. Default: certs/cache |
| <maxsize> | Replace <maxsize> with the maximum size of the directory, in bytes. You can use K, M or G when you specify the size. K=1024, M=K² and G=K³. Default: 10M |
| <maxnum> | Replace <maxnum> with the maximum number of certificates. You can use K, M or G when you specify the number. K=1000, M=K² and G=K³. Default: 1K |
When the size limit is reached (in terms of memory or in number of certificates), the least recently used certificate will be replaced.