OCSP stapling is an alternative approach to the Online Certificate Status Protocol (OCSP) that you can use to validate digital certificates. OCSP stapling allows Alibaba Cloud Content Delivery Network (CDN) servers to retrieve OCSP details. This reduces the latency that occurs when clients send requests to validate digital certificates and minimizes the time that is consumed by clients to receive the validation responses. This topic describes the scenarios of OCSP stapling. It also provides details about how to enable this feature in the Alibaba Cloud CDN console.
OCSP extension fields are supported by clients. Otherwise, the OCSP stapling feature cannot take effect.
OCSP details are provided by the certificate authority (CA) that issues the digital certificates. Based on the OCSP details, the digital certificates can be validated online based on actual needs.
- By default, Alibaba Cloud CDN retrieves and caches the OCSP details for 60 minutes after OCSP Stapling is enabled.
- After the OCSP details expire, the first certificate validation request that follows the expiration time fails to receive the validation response.
- Log on to the Alibaba Cloud CDN console.
- In the left-side navigation pane, click Domain Names.
- On the Domain Names page, find the domain name that you want to manage and click Manage in the Actions column of the domain name.
- In the management pane of the domain name, click HTTPS.
- In the OCSP Stapling section, turn on OCSP stapling.