OCSP Staple

Hello. I am running security tests on my domain, trying to get everything in order. One thing I am seeing is that several of them are showing OCSP Staple DISABLED. How can I get this working, as it seems that it should be enabled by default? My hosting provider said I needed to step up to a higher plan like VPS or WordPress Optimized to get help from them, since I am on a shared account. I showed them the test command that I saw mentioned elsewhere in here:

echo QUIT | openssl s_client -connect MYDOMAIN:443 -status 2> /dev/null | grep -A 17 'OCSP response:' | grep -B 17 'Next Update'

and he told me to run it in SSH Console, but when I do, it doesn't do anything but go back to a blinking cursor.

I just upgraded from free to Pro plan last week, but doubt that has anything to do with it, and I never checked it before today, so I don't know if it was working before anyways. Any ideas? Thanks!

That seems to come and go.

Here’s an official response:

Thank you for contacting Cloudflare Enterprise Support, my name is ______ and I will be assisting you with this support ticket. Regarding your inquiry about the variable nature of the OCSP stapled responses, this is indeed something that can occur under certain Cloudflare edge conditions. Generally, what occurs in this case is due to latency between when the staple expires versus when it can be fetched. While we have made strides to improve this reliability and will continue to improve upon this in the future, this is the current state of OCSP stapled responses from our edge so presently there can be some expectation of responses without the stapled response present.

While I understand that this may not be the preferred answer to your inquiry, I do hope the context helps here, please let me know if I can offer any additional help or any further assistance.


Yes, I read some of those, but it seems as though after running some commands, it mysteriously starts to work again for some. Problem is, I don't know how to run the commands to test like everyone else does. How might I go about it?
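The grep pipeline quoted in the first post prints nothing both when no staple was sent and when the connection itself failed, so an empty result is ambiguous. The following is an added example, not part of the original thread: a shell function that reads `openssl s_client -status` output and tells those cases apart. The function names and both sample transcripts are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `openssl s_client -status` output read on stdin.
# Prints "stapled ...", "not-stapled", or "no-handshake" (no OCSP section
# at all, e.g. the connection failed or openssl was not found).
classify_staple() {
  awk '
    /OCSP response: no response sent/ { seen = 1; none = 1 }
    /OCSP Response Status:/ { seen = 1; sub(/^.*OCSP Response Status: */, ""); rstatus = $0 }
    /Cert Status:/          { sub(/^.*Cert Status: */, ""); cstatus = $0 }
    /Next Update:/          { sub(/^.*Next Update: */, ""); next_up = $0 }
    END {
      if (!seen)     print "no-handshake"
      else if (none) print "not-stapled"
      else printf "stapled response=%s cert=%s next_update=%s\n", rstatus, cstatus, next_up
    }'
}

# Constructed sample: the status section when a staple is present.
sample_stapled() {
  cat <<'EOF'
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Cert Status: good
    This Update: Jan 10 00:00:00 2024 GMT
    Next Update: Jan 15 00:00:00 2024 GMT
EOF
}

# Constructed sample: the status section when the server sent no staple.
sample_unstapled() {
  cat <<'EOF'
CONNECTED(00000003)
OCSP response: no response sent
---
EOF
}

sample_stapled | classify_staple
sample_unstapled | classify_staple

# Against a live host (MYDOMAIN is the placeholder used in the thread):
# echo QUIT | openssl s_client -connect MYDOMAIN:443 -servername MYDOMAIN -status 2>/dev/null | classify_staple
```

Running the live command several times a few minutes apart shows whether the staple is only intermittently missing, as the support reply in this thread describes.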
