OptionalcaThe issuer certificate authority. If not provided, it will be downloaded from the issuer URL. If you already have the issuer certificate, you can provide it here to improve performance.
OptionalenableWhether to include a nonce in the OCSP request. This is enabled by default because it enhances security.
OptionalocspThe OCSP responder certificate to validate the signature of the OCSP response. If not provided issuer certificate will be used.
OptionalocspThe URL of the OCSP responder. By default, it will be extracted from the certificate. If you already know the OCSP responder URL, you can provide it here.
OptionalrawWhether to return the raw response as a buffer additionally to the parsed response. This is disabled by default.
OptionaltimeoutTimeout in milliseconds for the OCSP request and download of the issuer certificate. If the request takes longer than this, it will be aborted.
OptionalvalidateWhether to validate the signature of the OCSP response. This is enabled by default and should only be disabled for debugging purposes.
Additional optional configuration