Excerpt from Remy van Elsts tutorial: OCSP stapling is an enhancement to the standard OCSP protocol that delivers OCSP responses from the server with the certificate, eliminating the need for relying parties (web users) to check OCSP responses with the issuing CA. This has the effect of reducing bandwidth, improving perceived site performance, and increasing security for everyone involved in establishing the secure session. This tutorial shows you how to set it up with Apache.
- Read full tutorial on OCSP Stapling on Apache
Create OCSP stapling configuration for Apache.
cat <<EOF > /etc/apache2/conf-available/sslstapeling.conf SSLUseStapling on SSLStaplingCache "shmcb:logs/stapling-cache(150000)" SSLStaplingResponseMaxAge 900 EOF
Enable configuration, test it and do a restart of Apache if all is OK.
a2enconf sslstapeling apache2ctl configtest apache2ctl restart
Check OCSP with OpenSSL.
openssl s_client -connect «yoursite»:443 -tls1 -tlsextdebug -status