Skip to main content
Skip table of contents

Response caching

This article describes response caching used in Nexus OCSP Responder.

Some certificates will be queried for more often than others. Nexus OCSP Responder has powerful caching mechanisms to reduce workload, latency and network bandwidth.

In this example, all responses produced for the ACME TrustCenter CA are cached for 2 minutes, and those produced for the Bank X are cached for 30 seconds. The choice of these settings of course depends on security policies and practices.

Example:

Specify as follows in the OCSP responder section section of the OSCP configuration file:

CODE
responder.1.type=cached

Specify as follows in the Back end client section section of the OSCP configuration file:

CODE
ocsp.client.request.usecache=true

Specify as follows in the OCSP response cache section section of the OSCP configuration file:

CODE
ocsp.cache.enable=true
ocsp.cache.contents.1.issuermatch=cn=CA01,o=Acme*
ocsp.cache.contents.1.expiresafter=PT1M
ocsp.cache.contents.2.issuermatch=*o=Bank X,*
ocsp.cache.contents.2.expiresafter=PT30S

Related information

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.