Set the timeout for Certificate SSL ID cache

This configuration step applies only when delayed certificate authentication has been enabled.

Complete the following steps:

  1. Verify that certificate authentication is enabled.
    See Enable certificate authentication.

  2. Edit the WebSEAL configuration file. In the [certificate] stanza, adjust the value of cert-cache-timeout as necessary. For example:

    [certificate]
    cert-cache-timeout = 120

    The value is the maximum lifetime for an entry in the cache, expressed as a number of seconds. Use the default value unless your conditions warrant modifying it. Possible reasons to modify the value include:

    • Systems with memory restrictions might need a reduced expiration time.
    • The expiration time might need to be increased if there is a significant lag between the time when the user initiates a certificate transfer and when the user actually submits the certificate.
    • Lower values clean out the cache sooner when no certificate authentications are required. Cleaning the cache frees system memory.
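
To confirm the value that is actually in effect after the edit, the following added example (not part of the product documentation or IBM's own code) reads cert-cache-timeout from the [certificate] stanza only and rejects a non-numeric value. It assumes the file uses "[stanza]" headers, "key = value" entries and "#" comment lines; the function name and the sample file content are constructed for illustration.

```python
import re

STANZA = "certificate"
KEY = "cert-cache-timeout"

# Constructed sample, not a real WebSEAL configuration file.
SAMPLE_CONF = """\
[other-stanza]
# Same key name in a different stanza must be ignored.
cert-cache-timeout = 5

[certificate]
# cert-cache-timeout = 30
cert-cache-timeout = 120
"""


def read_cert_cache_timeout(conf_text):
    """Return cert-cache-timeout from [certificate] as an int (seconds).

    Returns None when the key is not set in that stanza, in which case
    the product default applies. Raises ValueError when the value is not
    a whole number of seconds.
    """
    current = None
    value = None
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment (assumed '#' syntax)
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = header.group(1).strip()
            continue
        if current != STANZA or "=" not in line:
            continue
        key, _, val = line.partition("=")
        if key.strip() != KEY:
            continue
        val = val.strip()
        if not re.fullmatch(r"[0-9]+", val):
            raise ValueError(f"line {lineno}: {KEY} must be a number of seconds, got {val!r}")
        value = int(val)  # if the key is repeated, the last entry is reported
    return value


if __name__ == "__main__":
    print(read_cert_cache_timeout(SAMPLE_CONF))
```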
