Excerpt from Remy van Elst's tutorial: OCSP stapling is an enhancement to the standard OCSP protocol that delivers OCSP responses from the server with the certificate, eliminating the need for relying parties (web users) to check OCSP responses with the issuing CA. This has the effect of reducing bandwidth, improving perceived site performance, and increasing security for everyone involved in establishing the secure session. This tutorial shows you how to set it up with Apache.
- Read full tutorial on OCSP Stapling on Apache
Summary
Create OCSP stapling configuration for Apache.
cat <<EOF > /etc/apache2/conf-available/sslstapeling.conf
SSLUseStapling on
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
SSLStaplingResponseMaxAge 900
EOF
Enable configuration, test it and do a restart of Apache if all is OK.
a2enconf sslstapeling
apache2ctl configtest
apache2ctl restart
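Verify that the server staples an OCSP response. The output should contain "OCSP Response Status: successful" rather than "OCSP response: no response sent".
openssl s_client -connect «yoursite»:443 -tlsextdebug -status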
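To turn the output of the `openssl s_client ... -status` check above into a single verdict for monitoring, the following is an added example and not part of the original tutorial. The function names, verdict strings and sample outputs are constructed for illustration, and it assumes `awk` and `openssl` are installed.

```sh
#!/bin/sh
# Classify the stapling section of `openssl s_client -status` output (stdin).
# Prints: no-staple | no-ocsp-data | malformed | stapled-expired | stapled-<status>
staple_status() {
    awk -v now="$(date -u +%Y%m%d%H%M%S)" '
        /OCSP response: no response sent/  { none = 1 }
        /OCSP Response Status: successful/ { ok = 1 }
        /Cert Status:/                     { cs = $3 }
        /Next Update:/ {
            # "Next Update: Jan  8 00:00:00 2099 GMT" -> 20990108000000
            m = (index("JanFebMarAprMayJunJulAugSepOctNovDec", $3) + 2) / 3
            split($5, t, ":")
            nu = sprintf("%04d%02d%02d%02d%02d%02d", $6, m, $4, t[1], t[2], t[3])
        }
        END {
            if (none)                              print "no-staple"
            else if (!ok)                          print "no-ocsp-data"
            else if (cs == "")                     print "malformed"
            else if (nu != "" && nu + 0 < now + 0) print "stapled-expired"
            else                                   print "stapled-" cs
        }'
}

# Query a live server. $1 = host name, $2 = port (default 443).
# Usage after sourcing this file: check_site www.example.org
check_site() {
    openssl s_client -connect "$1:${2:-443}" -servername "$1" -status \
        </dev/null 2>/dev/null | staple_status
}

# Constructed sample outputs (trimmed), not captured from a real server.
sample_stapled() { cat <<'EOF'
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Cert Status: good
    This Update: Jan  1 00:00:00 2099 GMT
    Next Update: Jan  8 00:00:00 2099 GMT
EOF
}
sample_unstapled() { cat <<'EOF'
CONNECTED(00000003)
OCSP response: no response sent
EOF
}

sample_stapled   | staple_status   # stapled-good
sample_unstapled | staple_status   # no-staple
```

A `stapled-expired` verdict means the staple's Next Update time has passed, so clients will not accept it. `no-ocsp-data` covers connection failures as well as output with no stapling section at all.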