go to  ForumEasy.com   
JavaPro
Home » Archive » Message


[Email To Friend][View in Live Context][prev topic « prev post | next post » next topic]
  How do I enable OCSP checking?
 
Subject: How do I enable OCSP checking?
Author: X509
In response to: Why OCSP?
Posted on: 07/01/2010 08:07:33 PM


Two ways:

  • Dynamic Way


  •      // Activate OCSP
         Security.setProperty("ocsp.enable", "true");
    


  • Static Way


  • Locate the file named <java-jre>/lib/security/java.security
        ocsp.enable=true
    



     

    > On 07/01/2010 03:15:34 PM X509 wrote:

    Short answer: it's faster.

    Long answer:

    1) CRLs may be seen as analogous to a credit card company's "bad customer list" which can grow significantly to a huge list. Locally maintaining this huge list involves both memory (you may need 4GB memory just to preload the DOD's bad customer list) footprint and synchronization issues.

    2) CPLDP sounds good but not reliable due to the greater number of requests to the well known CA's URL over the Internet.

    3) Since an OCSP response contains less information than a typical CRL, OCSP can feasibly provide more timely information regarding the revocation status of a certificate without burdening the network.

    4) The most important reason that OCSP may play a role is that OCSP's URL can be customized. It can be pointing to any third party or your own CRL checking service or a dedicated server.






    References:

     


     
    Powered by ForumEasy © 2002-2022, All Rights Reserved. | Privacy Policy | Terms of Use
     
    Get your own forum today. It's easy and free.