How to enable OCSP Stapling on subdomains?
One of the remaining issues I haven't figured out while addressing the server configuration is how to enable OCSP Stapling on subdomains. It is one of the last issues I need to address on tests like this one:
https://www.immuniweb.com/ssl/webdisk.jabcreations.com/pbhApPNO/
I did a search in WHM though found nothing. I figure this will likely be some Apache setting to tweak which is fine if it is.
How do I enable OCSP Stapling on subdomains please?
-
Hey hey! I'm a bit confused by your test link, as that is checking out port 465, which is secure SMTP and unrelated to the Apache stapling option. If I scan a normal subdomain with web content I don't see any of those errors.
Although, for whatever reason, testing one of my personal subdomains with port 465 shows an A+ grade, but I'm not entirely sure what we're trying to check as *any* connection to the server over port 465 will pull the email service.
0 -
Fair enough. To be completely frank, I don't even know WTH OCSP stapling is or does so I don't know its applicable validity when it comes to subdomains and ports. I do know that I don't know how to adjust the settings for it on whichever domain/subdomain and port combinations it should be enabled and working on.
In your opinion, is it possible that the ImmuniWeb test should disregard some of the tests such as this one for certain ports?
0 -
OCSP is an SSL check. We have a ton of details about exactly what it applies to here:
https://support.cpanel.net/hc/en-us/articles/360036533894-OCSP-responder-errors
By default, we have this turned on in Apache, but there isn't really an equivalent setting for non-web services. I think some of their tests might be a bit too aggressive outside of port 80 and 443.
0
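One way to check, port by port, whether a TLS service staples an OCSP response (an added example, not part of the thread or of cPanel's tooling): the function below classifies the text that `openssl s_client -status` prints. The sample outputs are constructed excerpts, and the hostname in the usage comment is a placeholder.

```shell
#!/bin/sh
# Classify the OCSP stapling section of `openssl s_client -status` output.
# Reads the s_client text on stdin and prints one of:
#   stapled      - server sent a stapled OCSP response with status "successful"
#   error        - a stapled response was sent but its status is not successful
#   not-stapled  - handshake output says no OCSP response was sent
#   unknown      - no OCSP section found (for example, the connection failed)
stapling_status() {
    awk '
        /OCSP response: no response sent/ { none = 1 }
        /OCSP Response Status:/ {
            seen = 1
            if ($0 ~ /successful/) ok = 1
        }
        END {
            if (ok)        print "stapled"
            else if (seen) print "error"
            else if (none) print "not-stapled"
            else           print "unknown"
        }'
}

# Live use (placeholder host; run once per port being tested):
#   openssl s_client -connect mail.example.com:443 -servername mail.example.com \
#       -status </dev/null 2>/dev/null | stapling_status
#   openssl s_client -connect mail.example.com:465 -servername mail.example.com \
#       -status </dev/null 2>/dev/null | stapling_status

# Constructed excerpts of s_client output, for offline demonstration.
SAMPLE_STAPLED='CONNECTED(00000003)
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Cert Status: good'

SAMPLE_NONE='CONNECTED(00000003)
OCSP response: no response sent'

printf '%s\n' "$SAMPLE_STAPLED" | stapling_status
printf '%s\n' "$SAMPLE_NONE" | stapling_status
```

Running the live commands against 443 and 465 on the same host shows directly whether the web server staples while the mail service does not, which is the difference the scanner is reporting.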