CA SiteMinder® Federation Standalone Guide › Key and Certificate Management › How to Verify that Certificates are Valid Using CRLs › Manage Certificate Cache Refresh and Grace Period

Manage Certificate Cache Refresh and Grace Period

You can complete two other tasks to manage certificate validity checking (CRL or OCSP):

• Modify the certificate cache refresh to improve performance

  The certificate cache refresh period indicates how often the certificate data store updates the certificate data in the policy store. Certificate data is cached in memory to improve CA SiteMinder® performance. Refresh the information in memory so that the data is current.

• Modify the default revocation grace period

  The default revocation grace period is the delay from when a certificate is revoked and the time the certificate becomes invalid. During the grace period, the system can use a revoked certificate before it becomes invalid. After the certificate becomes invalid, it is no longer active and CA SiteMinder® Federation Standalone cannot use it.

  If you do not specify a value for the CRL or OCSP responder grace period when adding these components, CA SiteMinder® Federation Standalone uses the default grace period. The individual grace period settings for a CRL or OCSP take precedence over this default grace period value.

Follow these steps:

1. Log in to the Administrative UI.
2. Select the Certs and Keys tab.
3. Select CDS Settings.

   The Certificate Settings dialog displays.

4. You can modify the following settings:
   • Certificate Cache Refresh Period
   • Revocation Grace Period
   • LDAP Access Timeout

   Note: Click Help for a description of fields, controls, and their respective requirements.

5. Click Save.