SSLCRLCacheLifetime

IT Asset Management (Cloud)

Command line | Registry

SSLCRLCacheLifetime, supported only for UNIX-like platforms, sets the maximum lifetime of certificate Revocation Lists (CRLs) cached in the SSLCRLPath, expressed as a whole number of seconds. A cached CRL is expired on the earlier of:
  • Its own nextUpdate value (which is the certificate's valid until date), or
  • The sum of the SSLOCSPCacheLifetime and the operating system's Last modified date/time on the cached file.

The special case of 0 means that the cache lifetime is disabled, and a CRL expires as set in its nextUpdate field. (If the CRL does not have any nextUpdate value when the SSLCRLCacheLifetime=0, the CRL is not cached.)

Depending on your environment, one possible use is to set this to about 10 minutes (600 seconds). This is sufficient for an agent to complete a policy update, for example, and then refresh the cache on the next occurrence.

Values

Values / range

Zero, or a positive integer.

Default value

0
This default means that certificate validity period is as specified on the certificate itself.

Example values

600

Command line

Tool

Inventory component (ndtrack), and upload component (ndupload)

Example

-o SSLCRLCacheLifetime=600

Registry

Installed by

Code internals, or manual configuration

Computer preference

[Registry]\ManageSoft\Common or [Registry]\ManageSoft\<Component>\CurrentVersion where <Component> is the registry key for an individual component (Tracker, or Uploader)

IT Asset Management (Cloud)

Current