Project

General

Profile

Actions
Copy link

Task #5476

closed

Enable OCSP stapling on the ssl enabled web services

Added by Andrea Dell'Amico over 8 years ago. Updated almost 8 years ago.

Status:
Closed
Priority:
Normal
Assignee:
_InfraScience Systems Engineer
Category:
System Application
Target version:
SSL everywhere
Start date:
Oct 09, 2016
Due date:
% Done:

100%

Estimated time:
Infrastructure:
Development, Pre-Production, Production

Description

We can do this only on Ubuntu >= 14.04, because apache 2.4 and nginx >= 1.3 are required.

Some links:
https://wiki.apache.org/httpd/OCSPStapling
https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
https://raymii.org/s/tutorials/OCSP_Stapling_on_Apache2.html

https://kura.io/2014/07/02/haproxy-ocsp-stapling/
http://www.jinnko.org/2015/03/ocsp-stapling-with-haproxy.html
https://github.com/pierky/haproxy-ocsp-stapling-updater

Actions
Copy link
 #1

Updated by Andrea Dell'Amico almost 8 years ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 40

OCSP stapling is already active on all our nginx configurations on the supported distributions (Ubuntu >= 14.04).

Actions
Copy link
 #2

Updated by Andrea Dell'Amico almost 8 years ago

  • % Done changed from 40 to 80

OCSP stapling enabled on the most important apache services (data, access, redmine).

Actions
Copy link
 #3

Updated by Andrea Dell'Amico almost 8 years ago

  • Status changed from In Progress to Closed
  • % Done changed from 80 to 100

Enabled on the main load balancer, too.

Actions
Copy link

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 8.91 MB)