The OCSP stapling feature enables Edge Security Acceleration (ESA) to pre-cache online certificate validation results and deliver them to clients. This eliminates the need for clients to directly query the CA for certificate status, which reduces certificate validation time and improves user access speed.
OCSP stapling
OCSP (Online Certificate Status Protocol) is a protocol provided by certification authorities (CAs) that allows clients to validate certificate validity and legitimacy in real time. For each request, the client sends an OCSP query to the CA. Frequent OCSP queries lower TLS handshake efficiency and slow down user access.
When you enable OCSP stapling, OCSP status queries are handled by the ESA server. ESA performs infrequent queries and caches the results on the server. The default cache duration is 60 minutes. When a client initiates a TLS handshake request to the server, ESA server sends the OCSP status information for the certificate along with the certificate to the client, eliminating the need for the client to query the certification authority (CA). This significantly improves TLS handshake efficiency and reduces certificate validation time.
Notes
Before enabling OCSP Stapling, ensure your site uses SSL/TLS and that you have configured an edge certificate.
Clients must support the OCSP extension field. If the client version does not support this field, OCSP Stapling will not work.
The default OCSP Stapling cache duration is one hour. After the cache expires, the first client request will not use OCSP Stapling until ESA retrieves fresh OCSP information.
If you delete all SSL/TLS certificates, OCSP Stapling stops working.
Enable OCSP Stapling
In the ESA console, go to Site Management. In the Website column, click your target site.
In the navigation pane on the left, choose .
Turn on the OCSP Stapling toggle.
Site-level and rule-based features
A site-level feature applies to all requests for that site. To apply OCSP stapling only to specific requests, use rule-based configuration. You can define rules using conditions that detect specific parameters in client requests. This gives precise control over which requests use the rule. The rule-based equivalent of the site-level OCSP Stapling feature is OCSP Stapling.