include OSCP stapling directives for secured sites and panel
See http://forum.sp.parallels.com/threads/ocsp-stapling-for-the-plesk-panel.300280/ for the panel, but would need to be added for all domains also.
Christian Heutger
shared this idea
Hi!
The functionality is now available in the SSL It! Plesk Extension: https://ext.plesk.com/packages/3c4117f6-c05c-4d3b-9173-60f10096a9c4-sslit
How to find it:
1. install SSL It! Extension (it’s available for Plesk 17.8+)
2. go to > SSL/TLS Certificates
3. if there is no SSL Certificate installed on the domain – issue one (using, for example, free Let’s Encrypt SSL Certificate)
4. if an SSL Certificate is installed on the domain, there is a switcher “OCSP Stapling”, turn it on
5. Voila!
We would appreciate hearing your feedback on the implementation of this functionality. Thanks in advance!
-
Muhamed Osmani
commented
@Plesk Staff: What about "must-staple" option for Let's Encrypt via SSLit? Let's Encrypt supports "must-staple", but certificate need to be reissued with this option if already created.
-- See also the post from Simon KRAMER on 10. september 17. -
Simon KRAMER
commented
-
Simon KRAMER
commented
-
Anonymous
commented
Here is a workaround, add the following command to each domain under nginx additional directives:
#Enable OCSP
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.4.4 8.8.8.8 valid=300s;
resolver_timeout 10s;If the formatting is messed up in the commands above, use this link:
https://talk.plesk.com/threads/best-practice-ocsp-stapling-for-clients.333195/