SSL stapling issue
Hello,
i would like to ask for help in this.
Im hosting an https:// website on WHM server and recently i installed SSL certifficate from CA based in China. Someone adviced that people enable "SSL stapling" on servers in order to cache SSL so it do not need to connect into china and possibly timeout. (i understood that this way) but i did nothing.
Today i received several times this error in Firefox, page failed to load:
"sec_error_ocsp_try_server_later"
I wanted to ask how to disable/enable this SSL stapling on WHM server please? Is it enabled or disabled by default and which state would prevent above error/issue please? Can i check the stapling status on the server?
PHP Version 5.4.42
OpenSSL 1.0.1e-fips 11 Feb 2013
WHM 11.50
If i have Apache 2.2, i assume per this apache page that i wont be able to use stapling resulting in these oscp errors (using Firefox 40.0.3)?
Here is an tutorial where he advice to add this line: "SSLUseStapling off"
into Apache include file, i added that line into pre virtualhost include and httpd failed to start with error:
Invalid command 'SSLUseStapling'
-
Hello, I think SSLUseStapling is enable on your through httpd.conf file. Can you please check your main httpd.conf file and try to disable SSLUseStapling. 0 -
Yes, it appears it is enabled: # grep SSLUseStapling /etc/httpd/conf/httpd.conf SSLUseStapling on Server version: Apache/2.4.12 (Unix) But how disabling it should help, why? 0 -
Hello :) It's possible the CA being served by the server is not matching during the OCSP step with the browser. You may want to check with the issuing authority of the certificate, to determine if updated CA Bundles are available. If they are, then re-installing the certificate on the domain may help alleviate this without having to resort to disabling the SSL Use Stapling function. You may also want to temporarily disable your server's firewall as one of the IP addresses for the CA might be getting blocked by the firewall. Thank you. 0
Please sign in to leave a comment.
Comments
3 comments