Differences

This shows you the differences between two versions of the page.

litespeed_wiki:ocsp_stapling [2013/08/07 20:59]
Michael created
— (current)
Line 1: Line 1:
-====== OCSP Stapling ====== 
- 
-This article explains how to set up OCSP stapling. OCSP stapling speeds up the SSL verification process by attaching a pre-approved certificate to the SSL handshake response. This streamlines the process and removes burdens from the client and SSL certification authorities. For more information on OCSP stapling, see [[http://​blog.litespeedtech.com/​2013/​07/​03/​the-openlitespeed-features-keep-coming-websocket-proxy-ocsp-stapling|our blog]]. 
- 
-This article assumes that you already have the necessary certificate files and an OCSP responder. OCSP stapling is only available for LiteSpeed Web Server 4.2.4 and above. 
- 
-===== Set up a secure listener ===== 
- 
-Add a listener (WebAdmin console > Configuration > Listeners > Add).  
- 
- 
- 
-Make sure you click ''​Yes''​ under the Secure setting. (The other settings should be customized to listen to the correct IP and port for the virtual hosts this listener will be mapping to.) 
- 
- 
- 
-=== Set up certificate files === 
- 
-Open up the listener again (View/​Edit). ​ 
- 
- 
- 
-Under the SSL tab, enter the paths and locations for your certificates and key files. ​ 
- 
- 
- 
-=== Set the OCSP values === 
- 
-To set up OCSP stapling, you must set Enable OCSP Stapling to "​Yes"​. It is also better to put the address of your OCSP responder in the OCSP Responder field (though the server may be able to find it in your CA certificate). Check with your certificate authority (CA) for your OCSP responder'​s address. 
- 
- 
- 
-=== Graceful restart to apply changes === 
- 
-=== Did it work? === 
- 
-Check in <​code>​$SERVER_ROOT/​temp/​ocspcache/</​code>​. If a file has been created there, then your OCSP stapling is working. If not, check your error logs for what went wrong. 
- 
-[[Category:​Help]] 
  
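Review bot: The introduction's description of stapling as "attaching a pre-approved certificate to the SSL handshake response" misstates the mechanism. What the server staples is a signed, time-limited OCSP response from the CA's responder attesting to the certificate's revocation status, not a certificate, and the sentence should say so. Two gaps sit further down in the same hunk. The "Graceful restart to apply changes" heading has no body, so the reader is never told how to perform the restart. The "Did it work?" check only looks for a file under $SERVER_ROOT/temp/ocspcache/, which shows that the server fetched a response but not that clients receive it during the handshake. A client-side check would close that gap, for example running openssl s_client -connect host:443 -status (host is a placeholder) and confirming that an OCSP response appears in the output. As a style point, the headings drop from ===== straight to ===, skipping a level.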
  • Last modified: 2013/08/07 20:59
  • by Michael