Certificate cache section
This article describes how to specify the certificate cache used in Nexus OCSP Responder. This is done in the "Certificate cache" section of the Nexus OCSP Responder configuration file.
The certificate cache is a cache directory where "non-trusted" certificates (meaning all certificates except those for the trusted CAs) are stored. Each certificate is stored in a file of its own. After validation, all certificates that need a directory service lookup can be stored using a disk caching mechanism. Nexus OCSP Responder will not search for the certificates in the directory service at the next request.
Specify cache directories for the certificates
In the OSCP configuration file, specify directory and size as follows:
ocsp.certs.persistentdir=<directory>
ocsp.certs.cachedir=<cache-directory>
ocsp.certs.maxsize=<maxsize>[K|M|G]
ocsp.certs.maxnum=<maxnum>[K|M|G]
See this table for description of constants and values:
Constants and Values | Description |
---|---|
| Replace Default: This directory is used for intermediate CA-certificates and remote OCSP responder certificates, that shall remain persistent in the cache. Copy those certificate files into this directory. At system restart these certificates are read into the cache and remain there. |
| Replace Default: |
| Replace Default: |
| Replace Default: |
When the size limit is reached (in terms of memory or in number of certificates), the least recently used certificate will be replaced.