Skip to main content
Skip table of contents

Release note Nexus OCSP Responder 6.2.2

Version: 6.2.2

Release Date: 2021-10-08


Broken TLSv1.3 handshake with Java 11.0.12

When running OCSP with Java 11.0.12, it was no longer possible to perform a successful TLS handshake with TLSv1.3 towards OCSP if the server TLS key is an RSA key. A Java code update of the TLSv1.3 protocol broke the RSASSA-PSS signature scheme used by TLSv1.3 in the Nexus ID2 provider.

OCSP response thisUpdate and nextUpdate for non-issued certs

This correction will make OCSP server set the thisUpdate and nextUpdate timestamps of the OCSP response for a certificate which is non-issued and not revoked to the corresponding values from the latest CIL for the issuer. Previously these values where taken from the last CRL.

Full CRL/CIL nextUpdate time

Corrects the nextUpdate time for the case when a full CIL/CRL replaces the previous CIL/CRL + delta(s). In this case the CIL/CRL should get the nextUpdate of the delta.

Validator cacheDir configuration uniqueness check

It has been possible to configure multiple validators in to use the (same) default cacheDir. When configured this way, it has sometimes caused OCSP to send incorrect responses. This change will cause OCSP startup failure (with an error message) if configured in this incorrect way. It is not recommended to configure more than one validator per type (CRL and CIL). Read more here: Validation section.

Detailed feature list

For a detailed overview of changed functionality, deprecated functions and corrected problems, see Release.txt which is provided with the installation media.


Contact Information

For information regarding support, training and other services in your area, please visit our website at


Nexus offers maintenance and support services for Nexus OCSP Responder to customers and partners. For more information, please refer to the Nexus Technical Support at, or contact your local sales representative.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.