Is it possible to enable OCSP Stapling?

Follow

Comments

6 comments

  • Avatar
    Lars Doe

    "it has to be assigned an IP"

    This doesn't seem to be necessary. I also didn't put the "SSLUseStapling" into the domain's additional directives, but into the same file as the "SSLStaplingCache".

    Test with SNI (-servername) is crucial:

    echo QUIT | openssl s_client -connect example.com:443 -servername example.com -status 2> /dev/null | grep -A 17 'OCSP'

     

  • Avatar
    Alexandr Shadrin

    Hello @Lars Doe.

     

    Thank you very much for the feedback, the I have made some adjustments to the article based on it.

  • Avatar
    Cfaessler

    Dear Plesk Supporter

    This seems to be a tutorial for CentOS.
    We have servers that use Debian.

    What is the equivalent for " /etc/httpd/conf.d/ssl.conf " in the directory " /etc/apache2/conf.d/ " if there is no file ssl.conf ?

    Best regards

    Cyrill Fässler
    System Operator

    hosttech GmbH

  • Avatar
    Alexandr Shadrin

    Hello @Cfaessler.

    As far as I can see, on Debian it should be /etc/apache2/mods-enabled/ssl.conf file.

  • Avatar
    Andreas Schneider (Edited )

    Is "ssl_trusted_certificate /full/path/to/fullchain.pem;" really necessary?

    "The directory above is NOT needed to enable OCSP with Plesk if you have certificates setup for your domain."
    Source 1: https://community.letsencrypt.org/t/latest-le-extension-plesk-and-ocsp/31140/8
    Source 2: https://talk.plesk.com/threads/ocsp-stapling-with-letsencrypt-per-domain.343585/#post-828748 

    I tested the configuration without the directory and slllabs.com says it works.

    Please update your tutorial if I'm right.

    Best regards
    Andreas

     Additional information: The Let's Encrypt Extension is installed in my Plesk...don't know if this makes a difference.

  • Avatar
    Alexandr Shadrin

    Hello, @Andreas Schneider!

    Thank you very much for your feedback.

    Yes, in current implementation of Plesk this part is not required.

    I have adjusted the article, thank you again for noticing it!

Please sign in to leave a comment.

Have more questions? Submit a request