Reading Time: < 1 minute

OCSP stapling is the another way of Checking certificate revocation. OCSP is faster than CRL.This article shows you ” OCSP Stapling configuration in Apache and Nginx “. More infomation about OCSP and CRL has explained in the previous Blog.

SSL stapling on nginx

Add the following lines in vi /etc/nginx/conf/nginx.conf or in virtual host file

ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/ssl/certs/;

where is the trusted certificate with your ROOT CA and Intermediate Certificate.

Verify the configuration by executing the following command

nginx -t

Restart the service

service nginx restart

SSL stapling in apache2

Add the following lines in vi /etc/httpd/conf/httpd.conf or in virtual host file

SSLUseStapling on
# Set the location of the SSL OCSP Stapling Cache
SSLStaplingCache shmcb:/tmp/stapling_cache(128000)


Now this complete, just test your configuration changes.

apachectl -t

service apache2 reload

Verify your OCSP configuration works!!!


openssl s_client -connect -status

You will get a section with OCSP response and follwing is the sample output.

OCSP response:
OCSP Response Data:
OCSP Response Status: successful (0x0)

OR from the following site.

Here you will see OCSP stapling YES


© 2018, Techrunnr. All rights reserved.

Questions Answered
Articles Written
Overall Points
Categories: Linux

Prabhin Prabharkaran

He is Technical professional. He is a person who loves to share tricks and tips on the Internet. He Posts what he does!!


Leave a Reply