Set the timeout for Certificate SSL ID cache
This configuration step applies only when delayed certificate authentication has been enabled.
Complete the following steps:
Steps
- Verify that certificate authentication is enabled.
See Enable certificate authentication.
- Edit the WebSEAL configuration file. In the [certificate] stanza, adjust the value of cert-cache-timeout as necessary. For example:
  [certificate]
  cert-cache-timeout = 120

  The value is the maximum lifetime for an entry in the cache, expressed as a number of seconds. Use the default value unless your conditions warrant modifying it. Possible reasons to modify the value include:
- Systems with memory restrictions might need a reduced expiration time.
- The expiration time might need to be increased if there is a significant lag between the time when the user initiates a certificate transfer and when the user actually submits the certificate.
- Lower values clean out the cache sooner when no certificate authentications are required. Cleaning the cache frees system memory.