|Applies To||RSA Validation Manager 3.1|
RSA Validation Manager (RVM)
RSA Certificate Manager (RCM)
Microsoft Windows Server 2003
OCSP - Online Certificate Status Protocol
|Issue||How is the NextUpdate field in the OCSP response configured?|
RVM serving a few CAs (RSA CMs) using their LDAP as the status source.
Unable to control how long the NextUpdate field in the responses will be.
Would like a fresh response produced for every request. For each request I want the NextUpdate field to be 5 minutes from the producedAt (or ThisUpdate) time.
What seems to happen is that the VM gets fresh status every Refresh Time. E.g. if I have Refresh Time set to 5 minutes (see below) then it will get the status every 5 minutes.
The NextUpdate time in the OCSP response is calculated from the Refresh Time configured for the Status Source. There is no separate configurable option to set the NextUpdate time for the OCSP response.
Here is how the NextUpdate and thisUpdate times in the OCSP response are calculated in the existing functionality.
If an LDAP status source is configured, RVM responds to an OCSP request as follows:
When an OCSP request for certificate status is made to RVM for the first time,
thisUpdate time = importTime = Current time
NextUpdate time = importTime + RefreshTime.
When an OCSP request for certificate status is made at a subsequent time
If you need RVM to contact the RCM database for each OCSP request, you can set the Refresh Time to 0 seconds. But in this case the thisUpdate and NextUpdate time values will be the same for each request.
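To confirm which window a given Refresh Time actually produces, the thisUpdate and NextUpdate values can be read from a response and compared with the configured value. The following is an added example, not RSA code: it parses the "This Update" / "Next Update" lines of `openssl ocsp` text output, and the sample output, function names and timestamps are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed samples of `openssl ocsp` status output (not captured from a real RVM).
SAMPLE = """\
Response verify OK
cert.pem: good
    This Update: May  1 12:00:00 2024 GMT
    Next Update: May  1 12:05:00 2024 GMT
"""
SAMPLE_ZERO = """\
Response verify OK
cert.pem: good
    This Update: May  1 12:00:00 2024 GMT
    Next Update: May  1 12:00:00 2024 GMT
"""

_FIELD = re.compile(r"^\s*(This|Next) Update:\s*(.+?)\s*$", re.M)
_FMT = "%b %d %H:%M:%S %Y GMT"  # date format printed by openssl


def update_window(text):
    """Return (thisUpdate, nextUpdate or None) parsed from openssl ocsp output."""
    found = {}
    for kind, value in _FIELD.findall(text):
        # Keep the first occurrence of each field (one certificate status).
        found.setdefault(kind, datetime.strptime(value, _FMT))
    if "This" not in found:
        raise ValueError("no 'This Update' line found")
    return found["This"], found.get("Next")


def check_window(text, refresh_time):
    """Compare the observed NextUpdate - thisUpdate gap with the Refresh Time."""
    this_update, next_update = update_window(text)
    if next_update is None:
        return "no NextUpdate in response"
    gap = next_update - this_update
    if gap == timedelta(0):
        return "zero window: thisUpdate == NextUpdate (Refresh Time 0)"
    if gap == refresh_time:
        return "window matches Refresh Time"
    return f"window {gap} differs from Refresh Time {refresh_time}"


if __name__ == "__main__":
    print(check_window(SAMPLE, timedelta(minutes=5)))
    print(check_window(SAMPLE_ZERO, timedelta(0)))
```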
|Legacy Article ID||a56191|