SSLCRLCacheLifetime

FlexNet Manager Suite 2020 R2 (On-Premises)

Command line | Registry

SSLCRLCacheLifetime, supported only for UNIX-like platforms, sets the maximum lifetime of certificate Revocation Lists (CRLs) cached in the SSLCRLPath, expressed as a whole number of seconds. A cached CRL is expired on the earlier of:

Its own nextUpdate value (which is the certificate's valid until date), or
The sum of the SSLOCSPCacheLifetime and the operating system's Last modified date/time on the cached file.

The special case of 0 means that the cache lifetime is disabled, and a CRL expires as set in its nextUpdate field. (If the CRL does not have any nextUpdate value when the SSLCRLCacheLifetime=0, the CRL is not cached.)

Depending on your environment, one possible use is to set this to about 10 minutes (600 seconds). This is sufficient for an agent to complete a policy update, for example, and then refresh the cache on the next occurrence.

Values

Values / range	Zero, or a positive integer.
Default value	`0` This default means that certificate validity period is as specified on the certificate itself.
Example values	`600`

Command line

Tool	Inventory component (ndtrack), installation component (ndlaunch), and upload component (ndupload)
Example	`-o SSLCRLCacheLifetime=600`

Registry

Installed by	Code internals, or manual configuration
Computer preference	`[Registry]\ManageSoft\Common` or `[Registry]\ManageSoft\<Agent>\CurrentVersion` where `<Agent>` is the registry key for an individual agent

FlexNet Manager Suite (On-Premises)

2020 R2