
Certificate cache section

This article describes how to specify the certificate cache used in Nexus OCSP Responder. This is done in the "Certificate cache" section of the Nexus OCSP Responder configuration file.

The certificate cache is a cache directory where "non-trusted" certificates (meaning all certificates except those for the trusted CAs) are stored. Each certificate is stored in a file of its own. After validation, all certificates that need a directory service lookup can be stored using a disk caching mechanism. Nexus OCSP Responder then does not search the directory service for those certificates at the next request.

Specify cache directories for the certificates
  • In the OCSP configuration file, specify directory and size as follows:

    ocsp.certs.persistentdir=<directory>
    ocsp.certs.cachedir=<cache-directory>
    ocsp.certs.maxsize=<maxsize>[K|M|G]
    ocsp.certs.maxnum=<maxnum>[K|M|G]

    The following table describes the constants and values:

    Constants and Values | Description

    <directory>

    Replace <directory> with the path to the directory that should hold the persistent certificates.

    Default: certs/persist-cache

    This directory is used for intermediate CA certificates and remote OCSP responder certificates that shall remain persistent in the cache. Copy those certificate files into this directory. At system restart, these certificates are read into the cache and remain there.

    <cache-directory>

    Replace <cache-directory> with the path to the directory where the non-persistent certificates will be saved. All certificate files in this directory will be read into the cache at system restart.

    Default: certs/cache

    <maxsize>

    Replace <maxsize> with the maximum size of the directory, in bytes. You can use K, M or G when you specify the size. K=1024, M=K² and G=K³.

    Default: 10M

    <maxnum>

    Replace <maxnum> with the maximum number of certificates. You can use K, M or G when you specify the number. K=1000, M=K² and G=K³.

    Default: 1K

    When the size limit is reached (in terms of memory or in number of certificates), the least recently used certificate will be replaced.
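
An added example (not part of the Nexus documentation or product): a Python check that reads the four settings, expands the K/M/G suffixes with their two different bases, and reports when the non-persistent cache directory has reached a limit or when either directory is writable by group or others. The function names, the permission check, and the assumption that both limits are measured against the cache directory are illustrative.

```python
import os
import re
import stat

# Added example; helper names are illustrative. Defaults as documented (maxsize K=1024, maxnum K=1000).
DEFAULTS = {"ocsp.certs.persistentdir": "certs/persist-cache",
            "ocsp.certs.cachedir": "certs/cache",
            "ocsp.certs.maxsize": "10M", "ocsp.certs.maxnum": "1K"}

def parse_limit(value, base):
    """Expand <n>[K|M|G] with M = K^2 and G = K^3 for the given K."""
    m = re.fullmatch(r"(\d+)([KMG]?)", value.strip())
    if not m:
        raise ValueError(f"invalid limit: {value!r}")
    return int(m.group(1)) * base ** "_KMG".index(m.group(2) or "_")

def load_settings(text):
    """Overlay ocsp.certs.* key=value lines on the documented defaults."""
    cfg = dict(DEFAULTS)
    for line in text.splitlines():
        key, sep, val = line.strip().partition("=")
        if sep and key.strip() in DEFAULTS:
            cfg[key.strip()] = val.strip()
    return cfg

def audit(cfg, root="."):
    """Return a list of findings for the two certificate directories."""
    findings = []
    max_size = parse_limit(cfg["ocsp.certs.maxsize"], 1024)
    max_num = parse_limit(cfg["ocsp.certs.maxnum"], 1000)
    for key in ("ocsp.certs.persistentdir", "ocsp.certs.cachedir"):
        path = os.path.join(root, cfg[key])
        if not os.path.isdir(path):
            findings.append(f"{key}: directory missing")
        elif os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            # Files here are read into the cache at restart, so flag loose write access.
            findings.append(f"{key}: writable by group or others")
    cache = os.path.join(root, cfg["ocsp.certs.cachedir"])
    if os.path.isdir(cache):
        files = [e for e in os.scandir(cache) if e.is_file()]
        total = sum(e.stat().st_size for e in files)
        # Assumption: both limits are compared against the non-persistent directory.
        if len(files) >= max_num or total >= max_size:
            findings.append(f"cache at limit: {len(files)} files, {total} bytes")
    return findings

if __name__ == "__main__":
    sample = "ocsp.certs.maxsize=20M\nocsp.certs.maxnum=5K\n"  # constructed sample
    print(audit(load_settings(sample)))
```

An empty list means both directories exist, are not writable by group or others, and the cache is below both limits.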
