Clear OCSP Response Cache in SGOS

book

Article ID: 206762

calendar_today

Updated On:

Products

ProxySG Software - SGOS Advanced Secure Gateway Software - ASG

Issue/Introduction

SGOS will cache an Online Certificate Status Protocol (OCSP) response for the specified time-to-live (TTL).

 

The CFSSL/debug log shows the response is taken from cache:

 

You want to clear the OCSP response cache so the appliance fetches a new one.

Resolution

Clearing the OCSP response cache can be achieved by:

  1. Selecting the responder as <None> under Configuration > SSL > OCSP.
  2. Apply settings.
  3. Set the responder back to the original.
  4. Apply settings again.

Attachments