SSLOCSPCacheLifetime

IT Asset Management (Cloud)


SSLOCSPCacheLifetime, supported only for UNIX-like platforms, sets the maximum lifetime of OCSP responses cached in the SSLOCSPPath, expressed as a whole number of seconds. A cached response is expired on the earlier of:
  • Its own nextUpdate value (which is the certificate's valid until date), or
  • The sum of the SSLOCSPCacheLifetime and the operating system's Last modified date/time on the cached file.

The special value of 0 means that the cache lifetime is disabled, and an OCSP response expires as set in its nextUpdate field. (If the OCSP response does not have a nextUpdate value when SSLOCSPCacheLifetime=0, the response is not cached.)

Depending on your environment, one possible use is to set this to about 10 minutes (600 seconds). This is sufficient for an agent to complete a policy update, for example, and then refresh the cache on the next occurrence.
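The expiry rule above can be checked against a cache directory with a short script. This is an added example, not code from the product: the function names, the `.ocsp` file names and the caller-supplied `next_updates` mapping are hypothetical, and the sample files are constructed.

```python
import os
import tempfile
from datetime import datetime, timedelta, timezone

def cache_expiry(mtime, next_update, lifetime):
    """When a cached OCSP response expires; None means it is not cached."""
    if lifetime < 0:
        raise ValueError("SSLOCSPCacheLifetime must be zero or a positive integer")
    if lifetime == 0:
        # Cache lifetime disabled: nextUpdate alone decides; no nextUpdate, no caching.
        return next_update
    by_lifetime = mtime + timedelta(seconds=lifetime)
    if next_update is None:
        # Assumption: the page does not spell out this case; only the lifetime bound applies.
        return by_lifetime
    return min(next_update, by_lifetime)  # the earlier of the two bounds

def audit_cache(cache_dir, next_updates, lifetime, now):
    """Return [(file name, expiry or None, still_valid)] for each file in cache_dir.

    next_updates maps file name -> nextUpdate (aware datetime) or None. In practice
    it would be read from each response; here the caller supplies it.
    """
    report = []
    for name in sorted(os.listdir(cache_dir)):
        st = os.stat(os.path.join(cache_dir, name))
        mtime = datetime.fromtimestamp(st.st_mtime, tz=timezone.utc)  # Last modified
        expiry = cache_expiry(mtime, next_updates.get(name), lifetime)
        report.append((name, expiry, expiry is not None and now < expiry))
    return report

def demo(lifetime):
    """Constructed sample: responses last modified 5, 15 and 5 minutes before 'now'."""
    now = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    ages = {"a.ocsp": 300, "b.ocsp": 900, "c.ocsp": 300}
    day = timedelta(days=1)
    next_updates = {"a.ocsp": now + day, "b.ocsp": now + day, "c.ocsp": None}
    with tempfile.TemporaryDirectory() as d:
        for name, age in ages.items():
            path = os.path.join(d, name)
            open(path, "wb").close()
            ts = now.timestamp() - age
            os.utime(path, (ts, ts))  # set the Last modified time
        return [(n, ok) for n, _, ok in audit_cache(d, next_updates, lifetime, now)]

if __name__ == "__main__":
    print("lifetime=600:", demo(600))
    print("lifetime=0:  ", demo(0))
```

With a lifetime of 600, the response modified 15 minutes ago is already expired even though its nextUpdate is a day away; with 0, only nextUpdate applies.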

Values

Values / range

Zero, or a positive integer.

Default value

0
This default means that the certificate validity period is as specified on the certificate itself.

Example values

600

Command line

Tool

Inventory component (ndtrack), installation component (ndlaunch), and upload component (ndupload)

Example

-o SSLOCSPCacheLifetime=600

Registry

Installed by

Code internals, or manual configuration

Computer preference

[Registry]\ManageSoft\Common or [Registry]\ManageSoft\<Component>\CurrentVersion where <Component> is the registry key for an individual component (Tracker, Launcher, or Uploader)
