Domain: Security: Certificate Revocation Checking: OCSP
Configuration Options Related Tasks Related Topics
This page allows you to configure the OCSP (Online Certificate Status Protocol) SSL certificate revocation checking properties for this domain.
Configuration Options
Name Description Enable Nonce Determines whether a nonce is sent with OCSP requests, to force a fresh (not pre-signed) response.
MBean Attribute:
CertRevocMBean.OcspNonceEnabled
Enable Response Cache Determines whether the OCSP response local cache is enabled.
MBean Attribute:
CertRevocMBean.OcspResponseCacheEnabled
Response Timeout (seconds) Determines the timeout for the OCSP response, expressed in seconds.
The valid range is 1 thru 300 seconds.
MBean Attribute:
CertRevocMBean.OcspResponseTimeout
Minimum value:
1
Maximum value:
300
Time Tolerance (seconds) Determines the time tolerance value for handling clock-skew differences between clients and responders, expressed in seconds.
The validity period of the response is extended both into the future and into the past by the specified amount of time, effectively widening the validity interval.
The value is >=0 and <=900. The maximum allowed tolerance is 15 minutes.
MBean Attribute:
CertRevocMBean.OcspTimeTolerance
Minimum value:
0
Maximum value:
900
Capacity Determines the maximum number of entries supported by the OCSP response local cache. The minimum value is 1.
MBean Attribute:
CertRevocMBean.OcspResponseCacheCapacity
Minimum value:
1
Maximum value:
2147483647
Refresh Period (percent) Determines the refresh period for the OCSP response local cache, expressed as a percentage of the validity period of the response.
For example, for a validity period of 10 hours, a value of 10% specifies a refresh every 1 hour.
The validity period is determined by the OCSP response, and is calculated as the (next reported update time) - (this update time).
The valid range is 1 through 100.
MBean Attribute:
CertRevocMBean.OcspResponseCacheRefreshPeriodPercent
Minimum value:
1
Maximum value:
100