| |
Domain: Security: Certificate Revocation Checking: OCSP
Configuration Options Related Tasks Related Topics
This page allows you to configure the OCSP (Online Certificate Status Protocol) SSL certificate revocation checking properties for this domain.
Configuration Options
Name Description Enable Nonce Determines whether a nonce is sent with OCSP requests, to force a fresh (not pre-signed) response.
MBean Attribute:
CertRevocMBean.OcspNonceEnabledEnable Response Cache Determines whether the OCSP response local cache is enabled.
MBean Attribute:
CertRevocMBean.OcspResponseCacheEnabledResponse Timeout (seconds) Determines the timeout for the OCSP response, expressed in seconds.
The valid range is 1 thru 300 seconds.
MBean Attribute:
CertRevocMBean.OcspResponseTimeoutMinimum value:
1Maximum value:
300Time Tolerance (seconds) Determines the time tolerance value for handling clock-skew differences between clients and responders, expressed in seconds.
The validity period of the response is extended both into the future and into the past by the specified amount of time, effectively widening the validity interval.
The value is >=0 and <=900. The maximum allowed tolerance is 15 minutes.
MBean Attribute:
CertRevocMBean.OcspTimeToleranceMinimum value:
0Maximum value:
900Capacity Determines the maximum number of entries supported by the OCSP response local cache. The minimum value is 1.
MBean Attribute:
CertRevocMBean.OcspResponseCacheCapacityMinimum value:
1Maximum value:
2147483647Refresh Period (percent) Determines the refresh period for the OCSP response local cache, expressed as a percentage of the validity period of the response.
For example, for a validity period of 10 hours, a value of 10% specifies a refresh every 1 hour.
The validity period is determined by the OCSP response, and is calculated as the (next reported update time) - (this update time).
The valid range is 1 through 100.
MBean Attribute:
CertRevocMBean.OcspResponseCacheRefreshPeriodPercentMinimum value:
1Maximum value:
100
|