OCSP stapling is another way of checking certificate revocation. OCSP is faster than CRL. This article shows you OCSP stapling configuration in Apache and Nginx. More information about OCSP and CRL is explained in the previous blog post.
SSL stapling on nginx
Add the following lines in /etc/nginx/conf/nginx.conf (vi /etc/nginx/conf/nginx.conf) or in the virtual host file
where ca-bundle.trust.crt is the trusted certificate file containing your root CA and intermediate certificates.
Verify the configuration by executing the following command
Restart the service
service nginx restart
SSL stapling in apache2
Add the following lines in /etc/httpd/conf/httpd.conf (vi /etc/httpd/conf/httpd.conf) or in the virtual host file
# Set the location of the SSL OCSP Stapling Cache
Now that this is complete, test your configuration changes.
service apache2 reload
Verify your OCSP configuration works!!!
openssl s_client -connect www.techrunnr.com:443 -status
You will get a section with the OCSP response; the following is sample output.
OCSP Response Data:
OCSP Response Status: successful (0x0)
OR from the following site.
Here you will see OCSP stapling YES
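The openssl check above can be scripted so that it fails loudly when the staple is missing or bad. This is an added example, not part of the original article: the function name check_staple is hypothetical and the sample outputs are constructed, trimmed to the lines the function reads.

```shell
#!/bin/sh
# Added example: classify the OCSP section of `openssl s_client -status`
# output read from stdin. Prints one verdict word and returns 0 only
# when a successful response with "Cert Status: good" is present.
check_staple() {
    out=$(cat)
    # openssl prints this exact line when the server sent no stapled response
    if printf '%s\n' "$out" | grep -q 'OCSP response: no response sent'; then
        echo "not-stapled"; return 1
    fi
    # First word after each label, e.g. "successful" or "good"
    status=$(printf '%s\n' "$out" |
        sed -n 's/^ *OCSP Response Status: *\([A-Za-z]*\).*/\1/p' | head -n 1)
    cert=$(printf '%s\n' "$out" |
        sed -n 's/^ *Cert Status: *\([A-Za-z]*\).*/\1/p' | head -n 1)
    if [ -z "$status" ]; then
        echo "no-ocsp-section"; return 2        # handshake failed or output cut off
    elif [ "$status" != "successful" ]; then
        echo "responder-error:$status"; return 3
    elif [ "$cert" != "good" ]; then
        echo "cert-${cert:-unknown}"; return 4  # revoked or unknown
    fi
    echo "stapled-good"
}

# Constructed sample outputs
SAMPLE_GOOD='OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Cert Status: good'
SAMPLE_NONE='CONNECTED(00000003)
OCSP response: no response sent'
SAMPLE_REVOKED='OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Cert Status: revoked'
SAMPLE_TRYLATER='OCSP Response Data:
    OCSP Response Status: trylater (0x3)'

# Live use (host taken from the article):
#   openssl s_client -connect www.techrunnr.com:443 -status </dev/null 2>/dev/null | check_staple
for s in "$SAMPLE_GOOD" "$SAMPLE_NONE" "$SAMPLE_REVOKED" "$SAMPLE_TRYLATER"; do
    printf '%s\n' "$s" | check_staple || true
done
```

Right after a restart the first connection may report not-stapled because the server has not yet fetched a response from the CA's responder, so a monitoring job should retry before alerting.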