Question
SSL Labs OCSP Stapling NO. OpenSSL test successful
I have read the setup on your site for OCSP Stapling. SSL Labs states NO on OCSP Stapling.
Ubuntu 20.04
OpenSSL 1.1.1g
Apache2 2.4.43
<VirtualHost *:443>
    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
    ServerName wp.scsiraidguru.com
    ServerAdmin mike.mckenney@scsiraidguru.com
    ServerAlias www.scsiraidguru.com scsiraidguru.com
    DocumentRoot /var/www/wp.scsiraidguru.com/public_html
    SSLEngine On
    SSLCertificateFile /etc/apache2/ssl/96e3c185b09b612a.crt
    SSLCertificateKeyFile /etc/apache2/ssl/5Cert.key
    SSLCACertificateFile /etc/apache2/ssl/gd_bundle-g2-g1.crt
    SSLUseStapling on
    Header always set X-Frame-Options DENY
    Header always set X-Content-Type-Options nosniff
    ErrorLog /var/log/apache2/wp.scsiraidguru.com/error.log
    CustomLog /var/log/apache2/wp.scsiraidguru.com/access.log combined
</VirtualHost>
<VirtualHost *:80>
    ServerName wp.scsiraidguru.com
    ServerAlias www.scsiraidguru.com scsiraidguru.com
    Redirect permanent / https://wp.scsiraidguru.com
</VirtualHost>
## Only enable TLS v1.2 and v1.3 and avoid older protocols ##
SSLProtocol -all +TLSv1.3 +TLSv1.2
SSLOpenSSLConfCmd Curves X25519:secp521r1:secp384r1:prime256v1
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:+HIGH:!MEDIUM:!LOW:!CAMELLIA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4:!DES:!RC4:!MD5:!RSA:!3DES:!SRP:!DSS:!SHA1:!SHA256:!SHA384
SSLHonorCipherOrder on
SSLCompression off
SSLSessionTickets off
## Permission for our DocumentRoot ##
<Directory /var/www/wp.scsiraidguru.com/public_html>
    Options Indexes FollowSymLinks
    AllowOverride All
</Directory>
# OCSP Stapling
SSLStaplingCache shmcb:/var/log/apache2/wp.scsiraidguru.com/ssl_stapling_cache(128000)
SSLSessionCache shmcb:var/log/apache2/ssl_scache(512000)
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
I am using GoDaddy certificates and bundle. Certificate shows OCSP.Godaddy.com
echo QUIT | openssl s_client -connect wp.scsiraidguru.com:443 -status 2> /dev/null | grep -A 17 'OCSP response:' | grep -B 17 'Next Update'
OCSP response:
======================================
OCSP Response Data:
OCSP Response Status: successful (0x0)
Response Type: Basic OCSP Response
Version: 1 (0x0)
Responder Id: C = US, ST = Arizona, L = Scottsdale, O = GoDaddy Inc., CN = Go Daddy Validation Authority - G2
Produced At: May 31 14:16:36 2020 GMT
Responses:
Certificate ID:
Hash Algorithm: sha1
Issuer Name Hash: B6080D5F6C6B76EB13E438A5F8660BA85233344E
Issuer Key Hash: 40C2BD278ECC348330A233D7FB6CB3F0B42C80CE
Serial Number: 96E3C185B09B612A
Cert Status: good
This Update: May 31 14:16:36 2020 GMT
Next Update: Jun 2 02:16:36 2020 GMT
I have my own Ubuntu 20.04 DNS/DHCP servers. Ping and NSLookup work. No access.log or error.log errors.
Any ideas?
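
For repeating the `openssl s_client -status` check above from a monitoring script, here is an added example (not part of the original question) that classifies the output as stapled, missing, stale or revoked. The names `check_staple` and `_ts` are hypothetical; the sample text is trimmed from the output quoted in the question.

```python
import re
from datetime import datetime, timezone

# Trimmed from the `openssl s_client -status` output quoted in the question.
SAMPLE = """OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Cert Status: good
    This Update: May 31 14:16:36 2020 GMT
    Next Update: Jun 2 02:16:36 2020 GMT
"""
# Constructed: what s_client prints when the server staples nothing.
NO_STAPLE = "OCSP response: no response sent\n"

def _ts(text, label):
    """Parse an OpenSSL 'Mon DD HH:MM:SS YYYY GMT' field into an aware datetime."""
    m = re.search(rf"{label}:\s*(\w{{3}}\s+\d{{1,2}}\s+[\d:]{{8}}\s+\d{{4}}) GMT", text)
    if not m:
        return None
    stamp = " ".join(m.group(1).split())  # OpenSSL pads single-digit days
    return datetime.strptime(stamp, "%b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc)

def check_staple(output, now):
    """Classify s_client -status output: is a usable staple present at `now`?"""
    if "OCSP Response Status:" not in output:
        return "not-stapled"
    if "OCSP Response Status: successful" not in output:
        return "responder-error"
    status = re.search(r"Cert Status:\s*(\w+)", output)
    this_upd, next_upd = _ts(output, "This Update"), _ts(output, "Next Update")
    if not (status and this_upd and next_upd):
        return "unparseable"
    if status.group(1) != "good":
        return "cert-" + status.group(1)
    if now < this_upd:
        return "not-yet-valid"
    if now >= next_upd:
        return "expired"
    return "ok"

if __name__ == "__main__":
    import sys
    print(check_staple(sys.stdin.read(), datetime.now(timezone.utc)))
```

Run as a script, it reads the s_client output on standard input, so the command from the question can be piped into it without the `grep` filters.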