By default, both downloaded CRLs and OCSP responses are cached by a Windows client. If a
time-valid version of the CRL or OCSP response exists in the cache, the client will use the
cached version rather than downloading an updated CRL or submitting a new OCSP request.
Caching-related configuration is stored under the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config
The binary value ChainCacheResyncFiletime defines when the cache will be cleared.
Force the cache to be cleared immediately:
c:\> certutil -setreg chain\ChainCacheResyncFiletime @now
Force the cache to clear in 1 hour (the offset after @now is written as days:hours):
c:\> certutil -setreg chain\ChainCacheResyncFiletime @now+0:1
View the current cache lifetime configuration:
c:\> certutil -getreg chain\ChainCacheResyncFiletime
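To confirm on a client that a revocation-cache resync has actually been scheduled, the value can also be read and decoded directly. The following PowerShell is an added example, not part of the original post. It assumes the value is stored as an 8-byte little-endian FILETIME, as its name suggests. The function names and the sample bytes are constructed for illustration.

```powershell
# Added example: decode ChainCacheResyncFiletime from the registry.
# Assumption: the REG_BINARY data is an 8-byte little-endian FILETIME.
$KeyPath   = 'HKLM:\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config'
$ValueName = 'ChainCacheResyncFiletime'

function ConvertFrom-ResyncFiletime {
    # Hypothetical helper: turns the raw registry bytes into a UTC DateTime.
    param([Parameter(Mandatory)][byte[]]$Bytes)
    if ($Bytes.Length -ne 8) {
        throw "Expected 8 bytes of FILETIME data, got $($Bytes.Length)."
    }
    # FILETIME counts 100-nanosecond intervals since 1601-01-01 UTC.
    $ticks = [BitConverter]::ToInt64($Bytes, 0)
    [DateTime]::FromFileTimeUtc($ticks)
}

function Get-ChainCacheResync {
    # Returns $null when the value (or the key) does not exist,
    # i.e. no resync time has been configured on this machine.
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }

    $when  = ConvertFrom-ResyncFiletime -Bytes $item.$ValueName
    $state = 'scheduled (still in the future)'
    if ($when -le [DateTime]::UtcNow) { $state = 'reached (time has passed)' }

    [pscustomobject]@{
        ResyncUtc = $when
        State     = $state
    }
}

# Constructed sample bytes, so the decoder can be exercised off-box.
$sampleTime  = [DateTime]::new(2024, 1, 1, 0, 0, 0, [DateTimeKind]::Utc)
$sampleBytes = [BitConverter]::GetBytes($sampleTime.ToFileTimeUtc())
ConvertFrom-ResyncFiletime -Bytes $sampleBytes

# Live check against the local machine.
$live = Get-ChainCacheResync
if ($live) { $live } else { "$ValueName is not set on this machine." }
```

Reading the key needs no elevation. Changing it with certutil -setreg does, because the value lives under HKEY_LOCAL_MACHINE.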