You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
OCSP stapling can be used to enhance the OCSP protocol by letting the webhosting site be more proactive in improving the client (browsing) experience. OCSP stapling allows the certificate presenter (i.e. web server) to query the OCSP responder directly and then cache the response. This securely cached response is then delivered with the TLS/SSL handshake via the Certificate Status Request extension response, ensuring that the browser gets the same response performance for the certificate status as it does for the website content.
Tried following the guides and no luck. I don't think I am enough of an Apache Wizard to figure this one out. I will most likely be moving to a new web server anyway, so I would rather not burn more time trying to figure this one out.
Context
According to the Godaddy cert checker, my site doesn't implement this. According to digicert,
OCSP stapling can be used to enhance the OCSP protocol by letting the webhosting site be more proactive in improving the client (browsing) experience. OCSP stapling allows the certificate presenter (i.e. web server) to query the OCSP responder directly and then cache the response. This securely cached response is then delivered with the TLS/SSL handshake via the Certificate Status Request extension response, ensuring that the browser gets the same response performance for the certificate status as it does for the website content.
Things to consider
Digicert has a guide on how to do this in Apache
https://www.digicert.com/kb/ssl-support/apache-enable-ocsp-stapling-on-server.htm
There is also this cool tool put out by Mozilla that appears to add OCSP stapling to an apache config boilerplate
https://ssl-config.mozilla.org/#server=apache&version=2.4.41&config=intermediate&openssl=1.1.1k&guideline=5.6
The text was updated successfully, but these errors were encountered: