SSLUseStapling should not be enabled if using self-generated certs

author Elan Ruusamäe <glen@delfi.ee>

Tue, 6 Oct 2015 13:54:36 +0000 (16:54 +0300)

committer Elan Ruusamäe <glen@delfi.ee>

Tue, 6 Oct 2015 13:54:36 +0000 (16:54 +0300)
author Elan Ruusamäe <glen@delfi.ee>
Tue, 6 Oct 2015 13:54:36 +0000 (16:54 +0300)
committer Elan Ruusamäe <glen@delfi.ee>
Tue, 6 Oct 2015 13:54:36 +0000 (16:54 +0300)
diff --git a/apache-mod_ssl.conf b/apache-mod_ssl.conf

index a9062f4af9acdc33e32742e59d09d41a78d1112f..5fdfa7e1ea3fd89af8c819a9cdccdf8db285e9bd 100644 (file)
--- a/apache-mod_ssl.conf
+++ b/apache-mod_ssl.conf
@@ -76,7 +76,7 @@ SSLHonorCipherOrder on
  SSLCompression off
  
  # OCSP Stapling
-SSLUseStapling          on
+SSLUseStapling          off
  SSLStaplingResponderTimeout 5
  SSLStaplingReturnResponderErrors off
  SSLStaplingCache        shmcb:/var/cache/httpd/ocsp(128000)
@@ -93,6 +93,10 @@ SSLStaplingCache        shmcb:/var/cache/httpd/ocsp(128000)
  #   Enable/Disable SSL for this virtual host.
  SSLEngine on
  
+# Enable, if you have real ssl cert and want to cache OCSP
+# https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
+SSLUseStapling          off
+
  #   Server Certificate:
  #   Point SSLCertificateFile at a PEM encoded certificate.  If
  #   the certificate is encrypted, then you will be prompted for a
author	Elan Ruusamäe <glen@delfi.ee>
	Tue, 6 Oct 2015 13:54:36 +0000 (16:54 +0300)
committer	Elan Ruusamäe <glen@delfi.ee>
	Tue, 6 Oct 2015 13:54:36 +0000 (16:54 +0300)