This article provides installation requirements and interoperability data for Nexus OCSP Responder.


  • CPU: Quad Core 2.4 GHz
  • Disk size: 20 GB
  • Memory: 4 GB RAM
  • 64-bit PKCS#11-driver

Nexus OCSP Responder scales well on servers with multiple cores. More memory can be required when many logical responders are hosted in a single server instance and the responder loads large CRLs. For load tests, also take HSM performance into account so that the HSM does not become a bottleneck. Performance is also affected by the length of the Nexus OCSP Responder signing key.

The following operating systems are supported:

  • CentOS 7, 8
  • Red Hat Enterprise Linux 7, 8
  • SUSE Linux Enterprise Server 15
  • OpenSUSE Leap 15
  • Microsoft Windows 2012 Server
  • Microsoft Windows 2016 Server
  • Microsoft Windows 2019 Server

The following software is supported:

  • 64-bit Java Runtime Environment (JRE) version 11.
  • Nexus OCSP Responder is compatible with both OpenJDK and Oracle Java.

It is important that all participants in a PKI use the same time standard. Specifically, Nexus OCSP Responder has to agree on the time with the CAs issuing CRLs/CILs and with the OCSP clients.

Make sure these clocks are synchronized, that is, that the participants are using a synchronization protocol such as Network Time Protocol (NTP).


The following key types and corresponding signature algorithms in certificate, CA, CRL, CIL, and responder certificate are supported:

Key types

  • RSA
  • EC
  • Edwards


  • SHA-1
  • SHA-2

This article is valid from Nexus OCSP Responder 6.1.
