This article provides installation requirements and interoperability data for Nexus OCSP Responder.
Nexus OCSP Responder scales well with a server of multiple cores. More memory can be required when many logical responders are hosted in a single server instance and large CRLs are loaded by the responder. For load tests, also consider the HSM performance to not introduce a bottle-neck. Performance is affected by the Nexus OCSP Responder signing key length.
The following operating systems are supported:
The following software is supported:
It is important that all participants in a PKI use the same time standard. Specifically Nexus OCSP Responder has to agree on the time with the CAs issuing CRLs/CILs and with the OCSP clients.
Make sure these clocks are synchronized, that is, the participants are using a synchronization protocol such as Network Time Protocol, NTP.
The following key types and corresponding signature algorithms in certificate, CA, CRL, CIL, and responder certificate are supported: