About this task
This configuration step applies only when delayed certificate authentication has been enabled.
To configure the cache, complete the following steps:
Procedure
- Verify that certificate authentication is enabled.
- Specify the maximum number of entries allowed in the cache.
Edit the WebSEAL configuration file. In the [certificate] stanza, assign a value to cert-cache-max-entries.
For example:
    [certificate]
    cert-cache-max-entries = 1024
The value corresponds to the maximum number of concurrent certificate authentications. The default value is one quarter of the default number of entries in the SSL ID cache. (Most SSL sessions do not require certificate logins or require certificate authentication only once for the session.)
The number of entries in the SSL ID cache is set in the [ssl] stanza.
For example:
    [ssl]
    ssl-max-entries = 4096
Therefore, the default value for cert-cache-max-entries is 1024, which is one quarter of the default value for ssl-max-entries, which is 4096.
Note: Most user requests to WebSEAL occur over SSL connections, and all requests over SSL connections without certificates must check the cache. Keeping the cache size smaller can significantly improve performance.
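The following is an added example, not part of the product documentation or IBM's tooling: a small Python check that reads the two settings named above from configuration text and reports when the certificate cache is larger than one quarter of the SSL ID cache. The function names, the sample text, the "#" comment handling and the use of the one-quarter ratio as a review threshold are assumptions made for illustration.

```python
import re

# Defaults as stated on this page.
DEFAULT_SSL_MAX_ENTRIES = 4096
DEFAULT_CERT_CACHE_MAX_ENTRIES = 1024

def read_stanzas(text):
    """Parse stanza-style text into {stanza: {key: last value seen}}."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' starts a comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = stanzas.setdefault(header.group(1).strip(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return stanzas

def review_cert_cache(text):
    """Return (cert_entries, ssl_entries, findings) for the two cache sizes."""
    conf, findings = read_stanzas(text), []

    def entry(stanza, key, default):
        raw = conf.get(stanza, {}).get(key)
        if raw is None:
            findings.append(f"[{stanza}] {key} not set; default {default} assumed")
            return default
        if not raw.isdigit():
            findings.append(f"[{stanza}] {key} = {raw!r} is not a whole number")
            return default
        return int(raw)

    ssl_entries = entry("ssl", "ssl-max-entries", DEFAULT_SSL_MAX_ENTRIES)
    cert_entries = entry("certificate", "cert-cache-max-entries",
                         DEFAULT_CERT_CACHE_MAX_ENTRIES)
    # Review threshold (assumption): the one-quarter ratio used for the default.
    if cert_entries * 4 > ssl_entries:
        findings.append(f"cert-cache-max-entries ({cert_entries}) exceeds one "
                        f"quarter of ssl-max-entries ({ssl_entries})")
    return cert_entries, ssl_entries, findings

# Constructed sample: SSL ID cache reduced, certificate cache left at 1024.
SAMPLE = "[ssl]\nssl-max-entries = 2048\n[certificate]\ncert-cache-max-entries = 1024\n"

if __name__ == "__main__":
    print(review_cert_cache(SAMPLE))
```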