1 What is OCSP Stapling?
https://en.m.wikipedia.org/wiki/OCSP_stapling
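2 Apache configuration
Add this block to httpd.conf:

    <IfModule ssl_module>
        # Staple the OCSP response into the TLS handshake
        SSLUseStapling on
        # Seconds to wait for the OCSP responder
        SSLStaplingResponderTimeout 5
        # Do not staple error responses received from the responder
        SSLStaplingReturnResponderErrors off
        # Must be set at server level, outside any <VirtualHost>
        SSLStaplingCache shmcb:/tmp/stapling_cache(128000)
    </IfModule>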
The block below is the standard setup; the block above is a working setup.

    <IfModule mod_ssl.c>
        # Must be set at server level, outside any <VirtualHost>
        SSLStaplingCache shmcb:/tmp/stapling_cache(128000)
        <VirtualHost *:443>
            ServerAdmin webmaster@localhost
            ServerName example.com
            DocumentRoot /var/www
            SSLEngine on
            SSLCertificateFile /etc/apache2/ssl/example.com/apache.crt
            SSLCertificateKeyFile /etc/apache2/ssl/example.com/apache.key
            SSLCACertificateFile /etc/ssl/ca-certs.pem
            SSLUseStapling on
        </VirtualHost>
    </IfModule>
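3 nginx configuration
Add to the server block:

    server {
        # The standalone "ssl on;" directive is deprecated; enable TLS on listen
        listen 443 ssl;
        server_name example.org;
        root /usr/share/nginx/www;
        index index.html index.htm;
        ssl_certificate /etc/nginx/ssl/example.org/server.crt;
        ssl_certificate_key /etc/nginx/ssl/example.org/server.key;
        # Staple the OCSP response and verify it before sending it to clients
        ssl_stapling on;
        ssl_stapling_verify on;
        # CA certificates used to verify the OCSP response
        ssl_trusted_certificate /etc/ssl/private/ca-certs.pem;
    }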
Note the required web server versions:
- Apache 2.3.3 and later
- NginX 1.3.7 and later
- Lighttpd 1.4.x
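
To confirm that either configuration above really staples a response, the OCSP section of `openssl s_client -status` output can be classified as shown here. This is an added example, not part of the original post; the function names `classify_staple` and `check_host` are hypothetical and the sample outputs are constructed.

```shell
#!/bin/sh
# Added example: classify the OCSP section printed by `openssl s_client -status`.

# classify_staple: reads s_client output on stdin and prints one verdict word.
classify_staple() {
    awk '
        /OCSP response: no response sent/ { none = 1 }     # server stapled nothing
        /OCSP Response Status:/           { status = $4 }  # e.g. "successful"
        /Cert Status:/                    { cert = $3 }    # good / revoked / unknown
        END {
            if (none)                        print "not-stapled"
            else if (status == "")           print "no-ocsp-section"
            else if (status != "successful") print "responder-error"
            else if (cert == "good")         print "stapled-good"
            else if (cert == "revoked")      print "stapled-revoked"
            else                             print "stapled-unknown"
        }'
}

# check_host HOST [PORT]: query a live server (needs network access and openssl).
check_host() {
    host=$1
    port=${2:-443}
    openssl s_client -connect "$host:$port" -servername "$host" -status \
        </dev/null 2>/dev/null | classify_staple
}

# Constructed sample outputs, trimmed to the lines that matter.
SAMPLE_STAPLED='OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Cert Status: good'

SAMPLE_REVOKED='OCSP response:
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Cert Status: revoked'

SAMPLE_MISSING='OCSP response: no response sent'

printf '%s\n' "$SAMPLE_STAPLED" | classify_staple
printf '%s\n' "$SAMPLE_REVOKED" | classify_staple
printf '%s\n' "$SAMPLE_MISSING" | classify_staple
```

nginx fetches the OCSP response lazily, so the first handshake after a restart can report `not-stapled`; run `check_host` again before concluding the configuration is wrong.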
References: taken from the reference list of the Wikipedia article linked above