Release note Nexus OCSP Responder 6.4.1

Release date: 2025-06-04

New functions

Allow disabling of fallback on status 'Good' in OCSP fallback

Introduces the new configuration parameter 'checkgoodstatus' to the responder type 'fallback'. This parameter makes it possible to enable/disable fallback if the certStatus is 'Good', which enables configuring the fallback responder to only fallback in case the certStatus was revoked with reason certificateHold.
Unless specified in the ocsp.conf, 'checkgoodstatus' will default to 'true'.

For more information see “Workflow for responders of type fallback” in Workflow for Nexus OCSP Responders and OCSP Fallback Responder.

Changed functions

key.store.store.<#>.pin parameter for PKCS#11 key stores

The configuration parameter "key.store.store.<#>.pin" is now also enabled for use with PKCS#11 key stores. This is to enable support for the Utimaco CP5 HSM. If currently having the "key.store.store.<#>.pin" parameter configured for a PKCS#11 key store it may cause failure to login after upgrading. In such cases, the parameter may need to be removed, or the "key.store.store.<#>.tokenlabel" may need to be added.

Corrected problems

certadm tool for the OCSP Responder container release

The certadm tool is now available as a standalone distributable in the OCSP Responder container release distribution. The standard OCSP Responder distribution for Windows and Linux is unaffected.

Detailed feature list

For a detailed overview of changed functionality, deprecated functions, and corrected problems, see Release.txt which is provided with the installation media.

Contact and support

For information regarding support, training, and other services in your area, visit http://www.nexusgroup.com/. 

Nexus offers maintenance and support services for Nexus OCSP Responder to customers and partners. For more information, see Nexus Technical Support or contact your local sales representative.