OCSP Stapling cache timeout


THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT v7.3.6 and later

EFT v8.0 and later store Advanced Properties in a JSON file. When you upgrade from EFT v7.4.x to EFT v8, the non-default settings that you have defined in the registry are added to the Advanced Properties file during the upgrade. (Default settings become part of the EFT configuration files.) For more on how to use advanced properties, and a spreadsheet of the advanced properties, please refer to the "Advanced Properties" topic in the help for your version of EFT.

DISCUSSION

An administrator sets the OCSP Stapling cache timeout to control how often EFT reads an OCSP response from its cache rather than contacting the CA for a fresh one. If the certificate has been revoked, you want the response from the CA and not the one from the cache, because the cached response would still report “good.” When the property is present, EFT uses its value as the number of seconds a given OCSP response survives in the cache before a new request to the OCSP Responder URL must be made.

In EFT v8 and later:

Add the name:value pair to the AdvancedProperties.JSON file in EFT's \ProgramData\ directory as described in the "Advanced Properties" topic in the online help for your version of EFT.

{
  "OCSPStaplingCacheTimeoutSec": 4000
}

In versions prior to v8.0:

HKEY_LOCAL_MACHINE\Software\Wow6432Node\GlobalSCAPE Inc.\EFT Server 7.3\

Name: OCSPStaplingCacheTimeoutSec

Type: DWORD

Default Value: 3600

Minimum Value: 0

Maximum Value: 4294967295

Restart Required: yes

Backup/Restore: yes
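
To see how old the response served to clients is compared with OCSPStaplingCacheTimeoutSec, the following added example (not part of the original article and not EFT code) parses the OCSP section that `openssl s_client -status` prints. The sample text is constructed, and `check_staple` and its verdict names are hypothetical.

```python
import re
from datetime import datetime, timezone

# Constructed sample of the OCSP section printed by
# `openssl s_client -connect <host>:<port> -status` (not captured from a real server).
SAMPLE = """\
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Produced At: May 10 12:00:00 2024 GMT
    Responses:
    Cert Status: good
    This Update: May 10 12:00:00 2024 GMT
    Next Update: May 17 12:00:00 2024 GMT
"""

def _field(text, name):
    """Return the value of the first 'name: value' line, or None."""
    m = re.search(rf"^\s*{re.escape(name)}:\s*(.+?)\s*$", text, re.MULTILINE)
    return m.group(1) if m else None

def _when(value):
    # OpenSSL prints e.g. "May  1 12:00:00 2024 GMT"; collapse the padded day.
    stamp = " ".join(value.split())
    return datetime.strptime(stamp, "%b %d %H:%M:%S %Y GMT").replace(tzinfo=timezone.utc)

def check_staple(text, cache_timeout_sec, now):
    """Return (verdict, age_in_seconds) for the stapled OCSP response in text."""
    status = _field(text, "Cert Status")
    produced = _field(text, "Produced At")
    if "no response sent" in text or status is None or produced is None:
        return ("no-staple", None)
    age = int((now - _when(produced)).total_seconds())
    if status != "good":                      # e.g. "revoked" or "unknown"
        return (status, age)
    next_update = _field(text, "Next Update")
    if next_update and now > _when(next_update):
        return ("expired", age)
    # Assumption: a staple older than the timeout means the cached response was
    # not refreshed, or the responder signs its responses ahead of time.
    if age > cache_timeout_sec:
        return ("older-than-cache-timeout", age)
    return ("good", age)

if __name__ == "__main__":
    now = datetime(2024, 5, 10, 12, 30, tzinfo=timezone.utc)  # constructed clock
    print(check_staple(SAMPLE, 4000, now))
```

Pass the saved openssl output, the configured timeout in seconds, and the current UTC time; any verdict other than "good" is a prompt to look at the responder and the cache setting.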