Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
|
litespeed_wiki:config:ocsp-stapling [2017/11/29 15:25] Jackson Zhang [Method 3:] |
litespeed_wiki:config:ocsp-stapling [2020/07/14 18:15] Jackson Zhang [For cPanel] |
||
|---|---|---|---|
| Line 23: | Line 23: | ||
| ==== For cPanel ==== | ==== For cPanel ==== | ||
| + | The latest cpanel/WHM server has enable OCSP automatically at /etc/apache2/conf/httpd.conf hence you don't need to do any extra work on it. | ||
| + | |||
| + | <IfModule socache_shmcb_module> | ||
| + | SSLUseStapling On | ||
| + | SSLStaplingCache shmcb:/run/apache2/stapling_cache_shmcb(256000) | ||
| + | # Prevent browsers from failing if an OCSP server is temporarily broken. | ||
| + | SSLStaplingReturnResponderErrors off | ||
| + | SSLStaplingErrorCacheTimeout 60 | ||
| + | SSLStaplingFakeTryLater off | ||
| + | SSLStaplingResponderTimeout 3 | ||
| + | SSLSessionCache shmcb:/run/apache2/ssl_gcache_data_shmcb(1024000) | ||
| + | </IfModule> | ||
| + | |||
| + | For an earlier version of cPanel/WHM, you can manually add **SSLStaplingCache ** and **SSLUseStapling on** directives to apache configuration. | ||
| + | |||
| Add the following lines to: | Add the following lines to: | ||
| - For EA3: ''/usr/local/apache/conf/includes/pre_main_global.conf'' | - For EA3: ''/usr/local/apache/conf/includes/pre_main_global.conf'' | ||
| Line 83: | Line 98: | ||
| ===== Did it work? ===== | ===== Did it work? ===== | ||
| ====Method 1:==== | ====Method 1:==== | ||
| - | Check in ''$SERVER_ROOT/temp/ocspcache/''. If a file has been created there, then your OCSP stapling is working. If not, check your error logs for what went wrong. | + | Check in ''$SERVER_ROOT/tmp/ocspcache/''. If a file has been created there, then your OCSP stapling is working. If not, check your error logs for what went wrong. |
| ====Method 2:==== | ====Method 2:==== | ||
| Line 96: | Line 111: | ||
| - key in your domain then check **OCSP stapling** status | - key in your domain then check **OCSP stapling** status | ||
| - | ===== Cached OSCP response ===== | + | ===== Cached OCSP response ===== |
| - | OCSP response is cached for 1-day. If you change your SSL certificate provider and see a cached OCSP response for a domain, you can easily remove the cache files under ocsp cache folder. | + | OCSP response is cached for 1-day. If you change your SSL certificate provider and see a cached OCSP response for a domain, you can safely remove the cache files under OCSP cache folder, but not the folder itself. |