Enable OCSP stapling
wikipedia.org:
https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol
Test OCSP Staple:
https://www.digicert.com/help/
How to enable:
https://www.digicert.com/enabling-ocsp-stapling.htm
https://www.digicert.com/ssl-support/apache-enable-ocsp-stapling-on-server.htm
https://www.digicert.com/ssl-support/nginx-enable-ocsp-stapling-on-server.htm
My setup for Apache in DirectAdmin in CustomBuild:
cd /usr/local/directadmin/custombuild/custom/ap2/conf/extra/
vi httpd-ssl.conf
SSLCompression off
SSLSessionTickets off
SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache "shmcb:/var/run/ocsp(128000)"
Put these directives just before:
##
## SSL Virtual Host Context
##
(and check that the /var/run/ folder exists)
Or Apache in DirectAdmin in httpd:
customized header:
inside virtual:
SSLUseStapling on
custom1:
SSLStaplingCache shmcb:/tmp/stapling_cache(128000)
or
SSLStaplingCache shmcb:/run/httpd/ssl_stapling(32768)
Screenshot: https://webhostingtech.nl/wordpress/wp-content/uploads/2023/10/Stapling.jpg
Apache in Plesk:
For all sites, in /etc/httpd/conf.d/ssl.conf:
<IfModule mod_ssl.c>
SSLStaplingCache shmcb:/tmp/stapling_cache(128000)
SSLUseStapling on
</IfModule>
Nginx (in Plesk):
Additional nginx directives for an individual domain:
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.4.4 8.8.8.8 valid=300s;
resolver_timeout 10s;
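
To check from the command line whether a server configured as above actually staples, the OCSP section of `openssl s_client -status` output can be classified as in this added example (not part of the original notes; the function names and the sample outputs are constructed for illustration):

```shell
#!/bin/sh
# Classify the OCSP section of `openssl s_client -status` output read on stdin.
# Prints: no-staple | stapled:good | stapled:revoked | stapled:unknown | stapled:error
ocsp_staple_status() {
    awk '
        /OCSP response: no response sent/ { none = 1 }
        /OCSP Response Status:/ { seen = 1; ok = ($0 ~ /successful/) }
        /Cert Status:/          { sub(/.*Cert Status:[ \t]*/, ""); cert = $1 }
        END {
            if (none || !seen) print "no-staple"
            else if (!ok)      print "stapled:error"   # e.g. trylater from the responder
            else if (cert == "good" || cert == "revoked" || cert == "unknown")
                print "stapled:" cert
            else               print "stapled:error"
        }'
}

# Live check against a host (needs network access), e.g.: check_host www.example.com
check_host() {
    openssl s_client -connect "$1:443" -servername "$1" -status </dev/null 2>/dev/null |
        ocsp_staple_status
}

# Constructed sample: excerpt of s_client output from a server that staples.
sample_stapled() {
    cat <<'EOF'
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Cert Status: good
EOF
}

# Constructed sample: server that sends no staple.
sample_unstapled() {
    cat <<'EOF'
CONNECTED(00000003)
OCSP response: no response sent
EOF
}

# Offline demonstration on the constructed samples.
echo "stapled sample:   $(sample_stapled | ocsp_staple_status)"
echo "unstapled sample: $(sample_unstapled | ocsp_staple_status)"
```

A no-staple result on the first connection after a restart can be normal, because the server may not have fetched the OCSP response yet; repeat the check before concluding that stapling is off.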