What is OCSP stapling?
OCSP stapling is a safe and quick way for a client to determine whether an SSL/TLS certificate is still valid, that is, not revoked. Instead of the client requesting this information from the certificate's vendor (the issuing CA), the web server provides the CA-signed information on the validity of its own certificate during the TLS handshake.
Three Steps to enable OCSP Stapling in Nginx:
1. To enable OCSP stapling, add these three lines inside the "server" block:
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /path/to/full/chain/pem;
2. Test Nginx configuration
sudo nginx -t
3. Reload Nginx Configuration
If everything is fine, just reload the configuration.
sudo service nginx reload
Test if OCSP Stapling is enabled
You can use the GlobalSign SSL Labs server test to see whether it is working.
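A command-line check to go with the test above, as an added example that is not part of the original post: it classifies the OCSP section that `openssl s_client -status` prints. The function names, the script name and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Classify the OCSP section of `openssl s_client -status` output read on stdin.
# Prints: stapled-good | stapled-revoked | stapled-other | no-staple | unknown
staple_status() {
    awk '
        /OCSP response: no response sent/  { none = 1 }
        /OCSP Response Status: successful/ { ok = 1 }
        /Cert Status: good/                { good = 1 }
        /Cert Status: revoked/             { revoked = 1 }
        END {
            if (none)               print "no-staple"
            else if (ok && revoked) print "stapled-revoked"
            else if (ok && good)    print "stapled-good"
            else if (ok)            print "stapled-other"
            else                    print "unknown"
        }'
}

# Print the staple's "Next Update" time; a time in the past means a stale staple.
staple_next_update() {
    awk '/Next Update:/ && !seen { sub(/^.*Next Update: */, ""); print; seen = 1 }'
}

# Live check (hypothetical helper): handshake with the server and classify the result.
check_host() {
    openssl s_client -connect "$1:443" -servername "$1" -status </dev/null 2>/dev/null |
        staple_status
}

# Constructed, trimmed sample of s_client output when a staple is present.
SAMPLE_STAPLED='OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Cert Status: good
    This Update: Jan  1 10:00:00 2024 GMT
    Next Update: Jan  8 10:00:00 2024 GMT'

# Constructed sample when the server sends no staple.
SAMPLE_NONE='CONNECTED(00000003)
OCSP response: no response sent'

# Usage: sh check_staple.sh your.server.name
if [ "$#" -gt 0 ]; then
    check_host "$1"
fi
```

Nginx fetches the OCSP response lazily, so the first handshake after a reload can report no-staple; run the check a second time before concluding anything. If it still reports no-staple, look in the Nginx error log for OCSP messages and confirm that a `resolver` directive is set so Nginx can look up the OCSP responder's hostname.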