1 什么是OCSP Stapling?
https://en.m.wikipedia.org/wiki/OCSP_stapling
2 apache配置
在httpd.conf添加代码块
<IfModule ssl_module>
SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache shmcb:/tmp/stapling_cache(128000)
</IfModule>
下面是标准设置,上面是可用设置
<IfModule mod_ssl.c>
SSLStaplingCache shmcb:/tmp/stapling_cache(128000)
<VirtualHost *:443>
ServerAdmin webmaster@localhost
ServerName example.com
DocumentRoot /var/www
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/example.com/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/example.com/apache.key
SSLCACertificateFile /etc/ssl/ca-certs.pem
SSLUseStapling on
</VirtualHost>
</IfModule>
2为nginx配置
在server段添加
server {
listen 443;
server_name example.org;
root /usr/share/nginx/www;
index index.html index.htm;
ssl on;
ssl_certificate /etc/nginx/ssl/example.org/server.crt;
ssl_certificate_key /etc/nginx/ssl/example.org/server.key;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/ssl/private/ca-certs.pem;
}
注意WEB server 版本:
- Apache 2.3.3 and later
- NginX 1.3.7 and later
- Lighttpd 1.4.x
参考资料: 来自上面的维基百科引用列表
此处评论已关闭