如何开启OCSP？

WINDOWS如何开启OCSP？

• Windows Server 2008+ – OCSP stapling 支持
• Windows Server pre-2008 – OCSP stapling 之前版本不支持

WINDOWS系统默认支持OCSP不需要开启

Apache如何开启OCSP？

Apache HTTPD Server 2.3.3+ 以上颁发支持 , 以下命令检查apache版本

• apache2 -v
• httpd -v

配置示例

SSLStaplingCache shmcb:/tmp/stapling_cache(128000)
<VirtualHost *:443>
SSLEngine on
SSLProtocol all -SSLv3 -SSLv2

SSLCertificateFile /path/to/your_domain_name.crt
SSLCertificateKeyFile /path/to/your_private.key
SSLCertificateChainFile /path/to/ca-bundle.crt

SSLUseStapling on


</VirtualHost>

Nginx如何开启OCSP？

Nginx 1.3.7+ 以上版本支持 OCSP

server
{
 listen 443 ssl;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

ssl_certificate /etc/ssl/your_domain_name.crt;
 ssl_certificate_key /etc/ssl/your_domain_name.key;

ssl_stapling on;
 ssl_stapling_verify on;
}

OCSP检测工具:

https://https66.com/ocsp