Nikita Bedmutha
2017-02-20 10:24:00 UTC
Hi,
We were trying performance test for large number of certificates (~ 0.5
million) using EJBCA. We tried out
a performance test and we observed that there is a notable drop in the
performance as the number of
certificate entries in the database increase. Following are the results:
certificateRequest webservice call:
SR no
Total new requests
Total Certs already in db
Total time taken(in sec)
Requests per second
1
1000
15
103
~10
2
1000
1015
113
~9
3
25000
2500
5555
~4.5
4
25000
50500
20000
~1.2
pkcs10Request webservice call:
SR no
Total new requests
Total Certs already in db
Total time taken(in sec)
Requests per second
1
1000
15
103
~10
2
1000
1015
105
~10
3
25000
28000
5169
~ 4.83
4
25000
78000
15443
~ 1.61
Revocation numbers :
Revocation for certs:
SR no
Total revocation requests
Total Certs already in db
Total time taken
(in sec)
Requests per second
1
36,500
~140,000
18228
~2
We followed the configurations to maximize the performance in EJBCA as per
the recommendations
<https://www.ejbca.org/older_releases/ejbca_6_5/htdocs/docs/adminguide.html#Maximizing%20performance>
.
However, most of the default settings are required by us like:
1. Logging to database is enabled.
2. Need to enforce uniqueness (keys, DN, Subject DN SerialNumber) in CA
configuration
3. Disable finishUser in CA configuration. - use same user to make multiple
requests.
4. We do not use separate certificate table.
So we would like to know if the performance drop that we are seeing is an
expected one? How can we improve this
performance when we already have a large number of certificates in the
database?
Regards,
Nikita Bedmutha
We were trying performance test for large number of certificates (~ 0.5
million) using EJBCA. We tried out
a performance test and we observed that there is a notable drop in the
performance as the number of
certificate entries in the database increase. Following are the results:
certificateRequest webservice call:
SR no
Total new requests
Total Certs already in db
Total time taken(in sec)
Requests per second
1
1000
15
103
~10
2
1000
1015
113
~9
3
25000
2500
5555
~4.5
4
25000
50500
20000
~1.2
pkcs10Request webservice call:
SR no
Total new requests
Total Certs already in db
Total time taken(in sec)
Requests per second
1
1000
15
103
~10
2
1000
1015
105
~10
3
25000
28000
5169
~ 4.83
4
25000
78000
15443
~ 1.61
Revocation numbers :
Revocation for certs:
SR no
Total revocation requests
Total Certs already in db
Total time taken
(in sec)
Requests per second
1
36,500
~140,000
18228
~2
We followed the configurations to maximize the performance in EJBCA as per
the recommendations
<https://www.ejbca.org/older_releases/ejbca_6_5/htdocs/docs/adminguide.html#Maximizing%20performance>
.
However, most of the default settings are required by us like:
1. Logging to database is enabled.
2. Need to enforce uniqueness (keys, DN, Subject DN SerialNumber) in CA
configuration
3. Disable finishUser in CA configuration. - use same user to make multiple
requests.
4. We do not use separate certificate table.
So we would like to know if the performance drop that we are seeing is an
expected one? How can we improve this
performance when we already have a large number of certificates in the
database?
Regards,
Nikita Bedmutha