Understanding the Cache Management
When CRL are downloaded, they are cached using an in-memory caching system (EHCache). The status of the cache is available in the 'CRL Cache' entry of the 'Configuration' left menu:
Basically, when a new CRL is downloaded or uploaded, the CRL is parsed and each revocation entry is inserted / updated in the cache. Addressing the cache being faster than querying the CRL object, it results in a great performance enhancement, particularly for big CRL.
The cache status details for each Certificate Authority:
-
The Certificate Authority Name ('CA Name');
-
The last time of cache refresh for the CRL ('Cache - Last Refresh');
-
The number of revoked entries in the cache for the considered Certificate Authority ('CRL - Size');
-
The current cache status for the considered Certificate Authority: 'Valid', 'Warning', 'Expired', 'Error' ('Status').
-
The following CRL info are available when mouseover the
button:-
The issuance date of the last downloaded CRL for the considered Certificate Authority;
-
The expiration date of the last downloaded CRL for the considered Certificate Authority.
-
The CRL serial number of the last downloaded CRL for the considered Certificate Authority.
-
| You can retrieve information about the cache 'error' or 'warning' by hovering on the 'Status'. |
The cache status can be refreshed by hitting the 'Refresh' button:
| The cache cannot be purged. To purge the cache, restart the OCSPd service. |
| The number of cache entries in the cache does not reflect the number of entries in the CRL. Expired entries will be removed from the CRL, but not from the cache. Therefore, the cache contains at least as many entries as in the CRL, but can contain more. It contains all the revoked entries parsed in the different CRL since the OCSPd service was started. |