Type alias OCSPStatusConfig

OCSPStatusConfig: {
    ca?: string | Buffer | X509Certificate | pkijs.Certificate;
    enableNonce?: boolean;
    ocspUrl?: string;
    rawResponse?: boolean;
    timeout?: number;
    validateSignature?: boolean;

Additional optional configuration

Type declaration

  • Optional ca?: string | Buffer | X509Certificate | pkijs.Certificate

    The issuer certificate authority. If not provided, it will be downloaded from the issuer URL. If you already have the issuer certificate, you can provide it here to improve performance.

  • Optional enableNonce?: boolean

    Whether to include a nonce in the OCSP request. This is enabled by default because it enhances security.

    Default Value

  • Optional ocspUrl?: string

    The URL of the OCSP responder. By default, it will be extracted from the certificate. If you already know the OCSP responder URL, you can provide it here.

  • Optional rawResponse?: boolean

    Whether to return the raw response as a buffer additionally to the parsed response. This is disabled by default.

  • Optional timeout?: number

    Timeout in milliseconds for the OCSP request and download of the issuer certificate. If the request takes longer than this, it will be aborted.

    Default Value

  • Optional validateSignature?: boolean

    Whether to validate the signature of the OCSP response. This is enabled by default and should only be disabled for debugging purposes.

    Default Value