Adjust for time drift (skew) between the CA and EFT for OCSP requests


THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT v7.3.6 and later

DISCUSSION

The CA response for OCSP requests is timestamped and therefore could cause problems with out-of-sync clocks. This setting allows you to adjust for time drift (skew) between the CA and EFT. The default is 300 seconds (5 minutes).

(Best practice recommendation is to ensure that all servers are automatically updating their clocks periodically, e.g. with their domain controller or some atomic clock somewhere.)

HKEY_LOCAL_MACHINE\Software\Wow6432Node\GlobalSCAPE Inc.\EFT Server 7.3\

Name: OCSPStaplingResponseTimeSkewSec

Type: DWORD

Default Value:300

Minimum Value: 0

Maximum Value: 4294967295

Cached: yes

Backup/Restore: yes