OCSP stapling only partial ?
|
07-19-2019, 06:12 PM
(This post was last modified: 07-19-2019 06:16 PM by billyboylindien.)
Post: #1
|
|||
|
|||
![]()
Hi,
I'm really new with ocsp stapling. I activated it on our website. Before: https://www.webpagetest.org/result/19071...bd8402743/ After: https://www.webpagetest.org/result/19071...68b7bd1e2/ Before we had 2 ocsp calls but it still remain one call to http://ocsp.usertrust.com Is it normal ? Maybe my apache configuration is not ok ? Code: SSLCACertificateFile /etc/ssl/certs/ca-certificates.crt Code: # echo QUIT | openssl s_client -servername www.sutunam.com -connect www.sutunam.com:443 -status 2> /dev/null | grep -A 17 'OCSP response:' | grep -B 17 'Next Update' I was thinking once activated there will be no more ocsp call ![]() |
|||
07-20-2019, 08:42 PM
Post: #2
|
|||
|
|||
RE: OCSP stapling only partial ?
The certificate change is leaf (sutunam.com) > intermediary (sectigo) > root (User Trust)
In this case it looks like the intermediary cert from sectigo that's not being stapled, which is pretty common for digicert (which is who sectigo are) EV certificates If you examine the cert chain in Chrome or Safari, you'll see the OCSP end point for the intermediary certificate matches the request you're seeing Andy Using WebPageTest - http://usingwpt.com/ |
|||
« Next Oldest | Next Newest »
|
User(s) browsing this thread: 1 Guest(s)