How to enable OCSP Stapling in Nginx?

What is OCSP stapling?

OCSP stapling is a safe and quick way of determining whether or not an SSL certificate is valid. Instead of requesting information from the certificate’s vendor, it allows a web server to provide information on the validity of its own certificates.

Three Steps to enable OCSP Stapling in Nginx:

1. To enable OCSP stapling, just add these three lines under “server” block

ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /path/to/full/chain/pem;

2. Test Nginx configuration

sudo nginx -t

3. Reload Nginx Configuration

If everything is fine, just reload the configuration.

sudo service nginx reload

Test if OCSP Stapling is enabled

You can use globalsign sslabs to see if it is working fine.

Worth Sharing?


  1. You are going to save a request to CA if you are enabling OCSP – hence you are reducing the number of requests – thus increasing speed. I say it is totally worth it when your mission intersects with “Google’s” in keeping web FAST!

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>