Question OCSP Stapling with Apache and Nginx Reverse Proxy

[sall10]

Hello,

im using LetsEncrypt already on my websites together with Apache http2 and Nginx Reverse Proxy together with Cloudflare free.

When enabling OCSP Stapling under Subscriptions - Websites and Domains, are there any additional Nginx Directives needed ???

Thx

OS	CentOS Linux 7.7.1908 (Core)
Product	Plesk Obsidian Version 18.0.26, last updated on April 20, 2020 06:00 PM

 

[Martin Dias]

No, you do not need any additional directives:

Is it possible to enable OCSP Stapling for a domain in Plesk?

Applicable to: Plesk for Linux Question Is it possible to enable OCSP Stapling for a domain in Plesk? Answer For Plesk Onyx 17.8 and Obsidian for Linux Note: This feature requires nginx to be in...

support.plesk.com

 

[sall10]

Thanks Arashi for the information. Just enabled on one Domain for testing. Checking on SSLLabs OCSP Must Staple Status is NO. Are there any other Settings mandatory to activate to get it working?



Thx
Sally

 

[Papalapappi]

Same here, activated OCSP via SLLit! Extension, /etc/nginx/plesk.conf.d/vhosts/mydomain.conf states

#OCSP Stapling
        ssl_stapling on;
        ssl_stapling_verify on;

to check:

echo QUIT | openssl s_client -connect mydomain.com:443 -servername mydomain.com -status 2>/dev/null | grep -A 17 'OCSP' OCSP response: no response sent

Ubuntu 18.04LTS latest Plesk Obsidian

 

[TomBoB]

OCSP Must Staple

is a certificate extension. Not what you're looking for.

check further below in the protocol section. You very likely find:
OCSP stapling : YES

 

[sall10]

I checked again, OCSP stapling is still NO

 

[sall10]

Hello?