How to Enable OCSP stapling in Apache

By | 2013/07/07

OCSP stapling requires Apache 2.3.3 or later. If you are running a stable Apache 2.4 branch, it is wise to take advantage of this security feature. Here is an example configuration that can be used:

SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLCACertificateFile /etc/ssl/apache2/my_ca.crt
SSLStaplingCache shmcb:/var/run/ocsp(128000)

Be sure to have SSLStaplingCache outside of a <VirtualHost> section or Apache will likely not start. I suggest putting the entire setting outside of a <VirtualHost> for simplicity.

Running a test on will validate whether this has been set up properly.
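
A local way to check the result, added here as an example and not part of the original post: it classifies the OCSP section that `openssl s_client -status` prints during the handshake. The function names and the sample outputs are constructed for illustration, and the host you check is whatever you pass to `check_host`.

```shell
#!/bin/sh
# Classify the OCSP part of `openssl s_client -status` output read on stdin.
# Prints: stapled-good | stapled-revoked | stapled-other | not-stapled
classify_staple() {
    awk '
        /OCSP response: no response sent/ { none = 1 }
        /OCSP Response Status:/ { status = $0; sub(/.*OCSP Response Status:[ \t]*/, "", status) }
        /Cert Status:/ { cert = $NF }
        END {
            if (none || status == "") print "not-stapled"
            else if (status !~ /^successful/) print "stapled-other"
            else if (cert == "good") print "stapled-good"
            else if (cert == "revoked") print "stapled-revoked"
            else print "stapled-other"
        }'
}

# Ask a live server for its stapled response. Host is supplied by the caller.
# With SSLStaplingReturnResponderErrors off, Apache staples only "good"
# responses, so a responder problem shows up here as not-stapled.
check_host() {
    host=$1; port=${2:-443}
    openssl s_client -connect "$host:$port" -servername "$host" -status \
        </dev/null 2>/dev/null | classify_staple
}

# Constructed sample outputs (not captured from a real server).
sample_stapled() {
cat <<'EOF'
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Cert Status: good
    This Update: Jul  7 10:00:00 2013 GMT
    Next Update: Jul 14 10:00:00 2013 GMT
EOF
}
sample_none() {
cat <<'EOF'
CONNECTED(00000003)
OCSP response: no response sent
EOF
}

# Demo on the constructed samples; for a real check run: check_host <your-host>
echo "stapled sample: $(sample_stapled | classify_staple)"
echo "plain sample:   $(sample_none | classify_staple)"
```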