Administration Console Online Help

Previous Next Open TOC in new window
Content starts here

Domain: Security: Certificate Revocation Checking: OCSP

Configuration Options     Related Tasks     Related Topics

This page allows you to configure the OCSP (Online Certificate Status Protocol) SSL certificate revocation checking properties for this domain.

Configuration Options

Name Description
Enable Nonce

Determines whether a nonce is sent with OCSP requests, to force a fresh (not pre-signed) response.

MBean Attribute:

Enable Response Cache

Determines whether the OCSP response local cache is enabled.

MBean Attribute:

Response Timeout (seconds)

Determines the timeout for the OCSP response, expressed in seconds.

The valid range is 1 thru 300 seconds.

MBean Attribute:

Minimum value: 1

Maximum value: 300

Time Tolerance (seconds)

Determines the time tolerance value for handling clock-skew differences between clients and responders, expressed in seconds.

The validity period of the response is extended both into the future and into the past by the specified amount of time, effectively widening the validity interval.

The value is >=0 and <=900. The maximum allowed tolerance is 15 minutes.

MBean Attribute:

Minimum value: 0

Maximum value: 900


Determines the maximum number of entries supported by the OCSP response local cache. The minimum value is 1.

MBean Attribute:

Minimum value: 1

Maximum value: 2147483647

Refresh Period (percent)

Determines the refresh period for the OCSP response local cache, expressed as a percentage of the validity period of the response.

For example, for a validity period of 10 hours, a value of 10% specifies a refresh every 1 hour.

The validity period is determined by the OCSP response, and is calculated as the (next reported update time) - (this update time).

The valid range is 1 through 100.

MBean Attribute:

Minimum value: 1

Maximum value: 100

Related Tasks

Related Topics

Back to Top