Is it possible to enable OCSP Stapling?




  • Lars Doe

    "it has to be assigned an IP"

    This doesn't seem to be necessary. I also didn't put the "SSLUseStapling" into the domain's additional directives, but into the same file as the "SSLStaplingCache".

    Test with SNI (-servername) is crucial:

    echo QUIT | openssl s_client -connect -servername -status 2> /dev/null | grep -A 17 'OCSP'
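
The manual check from the comment above turned into a scriptable result, as an added example that is not part of the original comment or the Plesk article. The function names and the sample outputs are constructed for illustration; `check_host` takes the hostname to test and sends it as SNI.

```shell
#!/bin/sh
# Added example: classify `openssl s_client -status` output read from stdin.
# Prints: no-staple | stapled-<cert status> | stapled-unsuccessful | unknown
classify_staple() {
    awk '
        /OCSP response: no response sent/ { none = 1 }
        /OCSP Response Status:/ { seen = 1; if ($0 ~ /successful \(0x0\)/) ok = 1 }
        /Cert Status:/ { sub(/.*Cert Status:[ \t]*/, ""); sub(/[ \t]+$/, ""); status = $0 }
        END {
            if (none)       print "no-staple"            # server sent no staple
            else if (!seen) print "unknown"              # no OCSP section at all
            else if (!ok)   print "stapled-unsuccessful" # responder error was stapled
            else            print "stapled-" status      # e.g. stapled-good
        }'
}

# Live check (hypothetical helper): $1 = hostname, $2 = port (default 443).
# -servername sends SNI so the intended virtual host and certificate answer.
check_host() {
    echo QUIT | openssl s_client -connect "$1:${2:-443}" \
        -servername "$1" -status 2>/dev/null | classify_staple
}

# Constructed sample outputs (not captured from a real server).
sample_stapled() {
    cat <<'EOF'
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Cert Status: good
    This Update: Jan  1 00:00:00 2024 GMT
    Next Update: Jan  8 00:00:00 2024 GMT
EOF
}
sample_none() { printf 'CONNECTED(00000003)\nOCSP response: no response sent\n'; }
sample_trylater() { printf 'OCSP response:\n    OCSP Response Status: trylater (0x3)\n'; }

sample_stapled | classify_staple
sample_none | classify_staple
```

Apache fetches the OCSP response asynchronously, so the first connection after a restart can report `no-staple`; repeat the check before concluding stapling is off.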


  • Alexandr Redikultsev

    Hello @Lars Doe.


    Thank you very much for the feedback, I have made some adjustments to the article based on it.

  • Dear Plesk Supporter

    This seems to be a tutorial for CentOS.
    We have servers that use Debian.

    What is the equivalent for "/etc/httpd/conf.d/ssl.conf" in the directory "/etc/apache2/conf.d/" if there is no file ssl.conf?

    Best regards

    Cyrill Fässler
    System Operator

    hosttech GmbH

  • Alexandr Redikultsev

    Hello @Cfaessler.

    As far as I can see, on Debian it should be /etc/apache2/mods-enabled/ssl.conf file.

  • Andreas Schneider (Edited)

    Is "ssl_trusted_certificate /full/path/to/fullchain.pem;" really necessary?

    "The directory above is NOT needed to enable OCSP with Plesk if you have certificates setup for your domain."
    Source 1:
    Source 2: 

    I tested the configuration without the directory and says it works.

    Please update your tutorial if I'm right.

    Best regards

     Additional information: The Let's Encrypt Extension is installed in my Plesk...don't know if this makes a difference.

  • Alexandr Redikultsev

    Hello, @Andreas Schneider!

    Thank you very much for your feedback.

    Yes, in the current implementation of Plesk this part is not required.

    I have adjusted the article, thank you again for noticing it!
