Replies: 1 comment
-
|
There is caching there for performance and to not load the database too much. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Using EJBCA version: 8.2.0.1
i just try to test regenerate a new OCSP responder (i.e. OCSPKeyBindingNew) to replace the existing OCSP responder (i.e. OCSPKeyBinding) which will expire soon. i found that there are delay to take effective when i use command mode to ACTIVE/DISABLED the responder as below step:
i found that it keep using the old OCSP responder => OCSPKeyBinding which status already set to DISABLED (refer to step 2 above)
Its need around 5 minutes (or longer time) to take effective for the newly created OCSP responder. see there any way / command to make it take effective immediately. (Looks browser mode can make it take effective immediately, however, for company security reason, browser mode is disabled)
Remark:
Both OCSP responder issued by same CA, so the DN is same when i set default OCSP responder as below command:
./ejbca.sh ocsp setdefaultresponder --dn "xxx"
Thanks.
Beta Was this translation helpful? Give feedback.
All reactions