03-02-2014 | Remy van Elst
OCSP stapling is an enhancement to the standard OCSP protocol that delivers OCSP responses from the server with the certificate, eliminating the need for relying parties (web users) to check OCSP responses with the issuing CA. This has the effect of reducing bandwidth, improving perceived site performance, and increasing security for everyone involved in establishing the secure session. This tutorial shows you how to set it up with Apache.
OCSP stapling is defined in the IETF RFC 6066. The term "stapling" is a popular term used to describe how the OCSP response is obtained by the web server. The web server caches the response from the CA that issued the certificate. When an SSL/TLS handshake is initiated, the response is returned by the web server to the client by attaching the cached OCSP response to the CertificateStatus message. To make use of OCSP stapling, a client must include the "status_request" extension with its SSL/TSL Client "Hello" message.
OCSP stapling presents several advantages including the following:
You need at least Apache 2.3.3 and later plus OpenSSL 0.9.8h or later for this to work. This is not available in the current Ubuntu LTS releases (12.04), it has 2.2.22 and CentOS 6 has 2.2.15. Either search for PPA's/unofficial repositories or compile them yourself.
You also need create a firewall exception to allow your server to make outbound connections to the upstream OCSP's. You can view all OCSP URI's from a website using this one liner:
OLDIFS=$IFS; IFS=':' certificates=$(openssl s_client -connect google.com:443 -showcerts -tlsextdebug -tls1 2>&1
It results for google.com in:
Replace google.com with your domain. Also note that you need the GNU version of sed and bash. It does not work on OS X or BSD.
Add the below configuration to your virtualhost:
SSLUseStapling on SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
Here's the explanation for the two lines:
OCSP stapling relieves the client of querying the OCSP responder on its own, but it should be noted that with the RFC 6066 specification, the server's CertificateStatus reply may only include an OCSP response for a single cert. For server certificates with intermediate CA certificates in their chain (the typical case nowadays), stapling in its current implementation therefore only partially achieves the stated goal of "saving roundtrips and resources" - see also RFC 6961 (TLS Multiple Certificate Status Extension).
Configures the cache used to store OCSP responses which get included in the TLS handshake if SSLUseStapling is enabled. Configuration of a cache is mandatory for OCSP stapling. With the exception of none and nonenotnull, the same storage types are supported as with SSLSessionCache
The shmbc part:
This makes use of a high-performance cyclic buffer (approx. size bytes in size) inside a shared memory segment in RAM (established via /path/to/datafile) to synchronize the local OpenSSL memory caches of the server processes. This is the recommended session cache. To use this, ensure that mod_socache_shmcb is loaded.
You can also give a few more options. For example, a freshness timeout, how old the OCSP response can be:
This lets the response only be max 15 minutes old (900 seconds).
If your apache server is behind a HTTP proxy and you need to do your OCSP queries through a proxy you can use
SSLStaplingForceURL. This overrides the URL provided by the certificate:
Restart your apache to load the new configuration:
service apache2 restart
And it should work. Let's test it.
Fire up a terminal and use the following OpenSSL command to connect to your website:
openssl s_client -connect example.org:443 -tls1 -tlsextdebug -status
In the response, look for the following:
OCSP response: ====================================== OCSP Response Data: OCSP Response Status: successful (0x0) Response Type: Basic OCSP Response Version: 1 (0x0) Responder Id: 99E4405F6B145E3E05D9DDD36354FC62B8F700AC Produced At: Feb 3 04:25:39 2014 GMT Responses: Certificate ID: Hash Algorithm: sha1 Issuer Name Hash: 0226EE2F5FA2810834DACC3380E680ACE827F604 Issuer Key Hash: 99E4405F6B145E3E05D9DDD36354FC62B8F700AC Serial Number: C1A3D8D00D72FCE483CD84759E9EC0BC Cert Status: good This Update: Feb 3 04:25:39 2014 GMT Next Update: Feb 7 04:25:39 2014 GMT
That means it is working. If you get a response like below, it is not working:
OCSP response: no response sent
You can also use the SSL Labs test to see if OCSP stapling works.