Set the timeout for Certificate SSL ID cache

Set the timeout for Certificate SSL ID cache

This configuration step applies only when delayed certificate authentication has been enabled.
Complete the following steps:
Steps

Verify that certificate authentication is enabled.
See Enable certificate authentication.

Edit the WebSEAL configuration file. In the [certificate] stanza, adjust the value of cert-cache-timeout as necessary. For example:
[certificate] cert-cache-timeout = 120
The value is the maximum lifetime for an entry in the cache, expressed as a number of seconds. Use the default value unless your conditions warrant modifying it. Possible reasons to modify the value include:

Systems with memory restrictions might need a reduced expiration time.
The expiration time might need to be increased if there is a significant lag between the time when the user initiates a certificate transfer and when the user actually submits the certificate.
Lower values clean out the cache sooner when no certificate authentications are required. Cleaning the cache frees system memory.

Parent topic: Client-side certificate authentication