How to enable OCSP stapling (faster TLS, better privacy)

What it is

OCSP stapling lets your server fetch a signed revocation status from the CA and attach it to the TLS handshake. The client gets a fresh proof that the certificate is still valid without contacting the CA itself.

Why it matters

Without stapling, clients either skip revocation checks or leak browsing data to the CA on every connection. Stapling closes that gap, speeds up TLS, and keeps the site reachable when the CA's OCSP responder is slow or down.

How it is exploited

Without stapling, the client has to query the CA's OCSP responder directly to learn whether a certificate is revoked. When the responder is unreachable or slow, most browsers soft-fail the check and accept the certificate anyway, so a revoked cert held by an attacker keeps working in practice. Those direct OCSP lookups also leak the client's IP and the hostname they visited to the CA on every fresh handshake.

How to fix it

1. Confirm the certificate chain is complete. Stapling needs the full intermediate chain on disk so the server can fetch and verify OCSP. Concatenate the issuer chain into your certificate file or point your config at the bundle your CA provides.
2. Turn stapling on in the web server. Enable the stapling directives in Nginx or Apache and point them at a resolver that can reach the CA. Reload the server and watch the error log for the first successful fetch.
3. Cache responses and set a timeout. Configure a response cache so the server reuses a valid OCSP response until it nears expiry. Set a sensible network timeout so a slow CA does not stall handshakes.
4. Verify with a TLS probe. Run Barrion's OCSP stapling check or use openssl s_client -status against your hostname and confirm the OCSP response section is present and good. Re-test after certificate renewal.

Examples by platform

ssl_stapling on; ssl_stapling_verify on;

SSLUseStapling on

References

• RFC 6066 (TLS Extensions)
• RFC 6960 (OCSP)

Related reading

• Background concepts and deeper context
• Fix weak TLS (disable 1.0, 1.1, weak ciphers)
• How to fix SSL/TLS certificate expiry
• How to fix a missing HSTS header
• Run the tls / https check

Frequently asked questions

What is OCSP stapling?

OCSP stapling is a TLS extension where your server fetches a signed revocation status from the certificate authority and attaches (staples) it to the TLS handshake. Clients get a fresh proof of validity without contacting the CA themselves.

How is stapling different from OCSP?

Plain OCSP makes each client query the CA's responder directly, which leaks the client's IP and the hostname they visited and adds a round-trip on every fresh handshake. Stapling moves that lookup to the server, which caches the response and serves it in the handshake, so the client never has to talk to the CA.

Does every CA support stapling?

Most public CAs publish OCSP responders and support stapling, but quality varies. Test with openssl s_client -status after enabling and watch your server logs for failed fetches. If a CA's responder is unreliable, consider OCSP Must-Staple only after confirming stapling works end to end.