Nexus OCSP Responder architecture overview
This figure describes Nexus OCSP Responder with its components and their external interfaces.
- The logical OCSP responders make up the interface exposed to the OCSP clients, which are typically web browsers, mail clients, etc.
- The logical OCSP responders can either forward the request to a remote responder (see Back end client section), or query local data in the CRL/CIL cache (see Validation section). The CRL/CIL cache receives fresh CRLs by pull and push methods, and CILs by push methods (see Validation section).
- To save time, the responses from certain root CAs can be cached (see OCSP response cache section).
- Key management handles all the keys needed for signing OCSP responses and for TLS client and server authentication (see Key management section).
- System management (see System management section) contains the agent that listens to all log messages. If Nexus OCSP Responder runs in an environment that includes a built-in system monitor (a supervisor), the agent can also send signals to and receive signals from the supervisor.
- The workflow for different types of OCSP responders is described in Workflow for Nexus OCSP Responders.
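The choice a logical responder makes between forwarding and answering from the CRL/CIL cache, sketched as an added example (not Nexus code). Assumptions: a CIL is treated as a list of issued serial numbers, a CRL past its nextUpdate is refused rather than trusted, and all class names, issuer names and the URL are hypothetical.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass
class CachedLists:
    """Constructed stand-in for one issuer's entry in the CRL/CIL cache."""
    revoked: set                   # serial numbers listed on the CRL
    next_update: datetime          # CRL nextUpdate; later than this means stale
    issued: Optional[set] = None   # CIL serials (assumed: all issued certificates)

@dataclass
class LogicalResponder:
    """Hypothetical model of a logical responder, not the product's API."""
    cache: dict = field(default_factory=dict)    # issuer -> CachedLists
    remote: dict = field(default_factory=dict)   # issuer -> remote responder URL

    def answer(self, issuer: str, serial: int, now: datetime) -> str:
        if issuer in self.remote:                # back end client path
            return "forward:" + self.remote[issuer]
        lists = self.cache.get(issuer)
        if lists is None:
            return "unauthorized"                # not authoritative for this issuer
        if now > lists.next_update:
            return "tryLater"                    # stale CRL: do not vouch for anything
        if serial in lists.revoked:
            return "revoked"
        if lists.issued is not None and serial not in lists.issued:
            return "unknown"                     # never issued, so not "good"
        return "good"

# Constructed sample data.
NOW = datetime(2024, 1, 10, tzinfo=timezone.utc)
FRESH, STALE = NOW + timedelta(days=1), NOW - timedelta(hours=1)
responder = LogicalResponder(
    cache={
        "CN=Example CIL CA": CachedLists({1001}, FRESH, issued={1000, 1001}),
        "CN=Example CRL-only CA": CachedLists({7}, FRESH),
        "CN=Example Stale CA": CachedLists(set(), STALE),
    },
    remote={"CN=Example Remote CA": "http://ocsp.example.test"},
)

if __name__ == "__main__":
    for issuer, serial in [("CN=Example CIL CA", 9999),
                           ("CN=Example CRL-only CA", 9999)]:
        print(issuer, serial, responder.answer(issuer, serial, NOW))
```

With only a CRL in the cache, a serial number that was never issued is reported as good; the CIL entry is what lets the model answer unknown for it.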