- This line was added.
- This line was removed.
- Formatting was changed.
This article provides installation requirements and interoperability data for Nexus OCSP Responder.
Nexus OCSP Responder scales well with a server of multiple cores. More memory can be required when many logical responders are hosted in a single server instance and large CRLs are loaded by the responder. For load tests, also consider the HSM performance to not introduce a bottle-neck. Performance is affected by the Nexus OCSP Responder signing key length.
The following operating systems are supported:
The following software is supported:
It is important that all participants in a PKI use the same time standard. Specifically Nexus OCSP Responder has to agree on the time with the CAs issuing CRLs/CILs and with the OCSP clients.
Make sure these clocks are synchronized, that is, the participants are using a synchronization protocol such as Network Time Protocol, NTP.
|Supported hardware security modules (HSM) in Certificate Manager||Supported hardware security modules (HSM) in Certificate Manager||nopaneltrueA PKCS#11 compliant device can be used for handling of CA key pairs, system keys, protection of archived keys, and for key generation.|
|PIN decryption is not allowed using a FIPS mode HSM.|
The following key types and corresponding signature algorithms in certificate, CA, CRL, CIL, and responder certificate are supported: