Online Certificate Status Protocol — OpenSSL Certificate

The Online Certificate Status Protocol (OCSP) is a mechanism for determining whether or not a server certificate has been revoked, and OCSP Stapling is a special form of this in which the server, such as httpd and mod_ssl, maintains current OCSP responses for its certificates and sends them to clients which communicate with the server. FAQ: Digital Certificate Revocation - In OCSP stapling: 1. A web server requests and obtains a signed OCSP response for its certificate from an OCSP responder, which can be cached for up to 7 days. 2. The server includes the cached OCSP response along with (or “stapled to”) its certificate in its HTTPS responses to web browsers. 3. OCSP Stapling on Nginx and Apache webserver - MyBlueLinux.COM

Mar 02, 2014

debian - OpenSSL OCSP Responder don't start anymore - Unix

Check TLS certificate revocation with SSL Labs, and

Apache Tomcat 10 (10.0.0-M6) - SSL/TLS Configuration How-To