To help you visualize the process, imagine your doorbell rings at an odd hour. You open the door and see two serious-looking people standing on the doorstep, who ask whether they can come in for a chat. Do you let them in? Probably not. But what if they\u2019re wearing uniforms and have ID badges saying they work for the FBI? Then your perspective might change. Think of OCSP stapling as being akin to those ID badges. You don\u2019t need to check with the FBI when an agent knocks on your door, because the badges indicate that they can be trusted.<\/p>\n\n\n\n
As a client connecting to a website, the website shows you a digitally signed, timestamped report detailing whether the TLS certificate is valid. Just like the FBI issues those badges, the verification is issued by the CA. The FBI will take away the badge if an agent is suspended, fired, or quits \u2014 similarly, CAs revoke TLS certificates under certain circumstances.<\/p>\n\n\n\n
How OCSP Stapling Differs from CRLs<\/h2>\n\n\n\n
OCSP is better than using CRLs to verify the revocation status of TLS certificates. A CRL is the whole list of revoked website certificates that gets periodically updated. OCSP refers to a server response that comes from a website certificate\u2019s issuing CA. It provides current, up-to-date data about the certificate\u2019s revocation status. However, as a result, also uses more resources. OCSP stapling is a third option that keeps information about the certificate\u2019s revocation status readily on hand by \u201cstapling\u201d it.<\/p>\n\n\n\n
OCSP process can be slow when lots of clients send requests to high-traffic websites because the certificate authority (CA) must send out individual responses to individual clients. Using OCSP stapling speeds up the process as the website server will have the certificate ready for the client whenever they asked for. So, instead of numerous clients placing individual requests to the CA, the server itself will send requests at regular intervals. <\/p>\n\n\n\n
So, the traditional OCSP is more accurate than OCSP stapling because it\u2019s providing a real-time server response (versus something that may have been issued prior to a certificate being revoked). But OCSP stapling is helpful because it helps to improve performance because it can rely on the timestamped information and doesn\u2019t have to make a new revocation check.<\/p>\n\n\n\n
How Does OCSP Stapling Work?<\/h2>\n\n\n\n
Unlike with other verification methods, where the client takes responsibility for verifying the certificate revocation status of websites, OCSP stapling places the burden on the server. When a client wants to connect, the server presents the last updated verification status to them. The CA has the authority to decide the refreshing time of the response. The client can trust the certificate as it is signed by the CA that issued the server certificate. It\u2019ll also include a timestamp that shows the date and time it was created. <\/p>\n\n\n\n
A Step-by-Step Look at OCSP Stapling<\/h3>\n\n\n\n
The OCSP stapling process goes like this:<\/p>\n\n\n\n
- The web server requests the updated revocation status from the CA on the backend as the two entities are in regular communication.<\/li>
- The CA sends signed, timestamped information about its revocation status to the server, which stores it in its cache.<\/li>
- The client browser sends a connection request to the server.<\/li>
- The server \u201cstaples\u201d or annexes the cached information about its own revocation status to its reply to the client.<\/li>
- If the server certificate is valid, the client browser will connect to the website.<\/li>
- If the server certificate is revoked, the client browser will display an error message that the certificate is invalid.<\/li><\/ol>\n\n\n\n
![\"OCSP](\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2022\/05\/how-ocsp-stapling-works.png\")
<\/figure>\n\n\n\nA visual representation of how OCSP stapling works<\/p>\n\n\n\n
Certificate Responses<\/h3>\n\n\n\n
The following responses are possible with OCSP stapling:<\/p>\n\n\n\n
- Revoked: <\/strong>When a server certificate is revoked, the browser will show a warning and likely not connect to the website. This response is known as a hard fail because the browser will immediately terminate the connection. A revocation message will look like this to users:<\/li><\/ul>\n\n\n\n
![\"OCSP](\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2022\/05\/badssl-certificate-revoked-warning-1024x655.png\")
<\/figure>\n\n\n\nImage caption: An example screenshot of a revoked certificate warning message that displays in Google Chrome.<\/p>\n\n\n\n
- Good:<\/strong> A good response is given when the OCSP responder recognizes the certificate serial number and finds that it is valid.<\/li><\/ul>\n\n\n\n
- Unknown:<\/strong> This message displays if the responder doesn\u2019t recognize the certificate, an unknown response is sent. The responder might not have access to the CA that issued the certificate. This type of failure is called a soft fail because it may (or may not) allow the connection to go through.<\/li><\/ul>\n\n\n\n
What Are the Advantages of Enabling OCSP Stapling?<\/h2>\n\n\n\n
There are many advantages of using OCSP stapling for verifying the revocation status of TLS certificates, including:<\/p>\n\n\n\n
- Offers improved speed and performance. <\/strong>Speed is one of the most significant advantages of the OCSP stapling method. It takes a minimal amount of time to verify the revocation status of any TLS certificate.<\/li><\/ul>\n\n\n\n
- Providers better privacy for users. <\/strong>Since the CA or the OCSP responder can\u2019t see the websites visited by the client, the client\u2019s privacy is better protected than with traditional OCSP responder queries.<\/li><\/ul>\n\n\n\n
- Requires fewer resources. <\/strong>In comparison to CRL or OCSP, the OCSP stapling uses fewer network resources for the client, making it a more efficient method.<\/li><\/ul>\n\n\n\n
3 Limitations of OCSP Stapling<\/h2>\n\n\n\n
As with any other protocol, OCSP stapling has its limitations:<\/p>\n\n\n\n
- No verification of intermediate certificates. <\/strong>Sometimes, TLS certificates contain many intermediate CA certificates forming a certificate chain<\/a>. OCSP stapling typically doesn\u2019t provide verification for the intermediate certificates (it typically just provides revocation status checks for leaf\/server certificates). However, multi-stapling was introduced in June 2013 through RFC 6961<\/a>. TLS 1.3<\/a> has the support for multiple OCSP responses.<\/li><\/ul>\n\n\n\n
- Period between OCSP responses may leave you unaware of new revocations. <\/strong>There is usually a delay between two OCSP stapling responses. This time gap can be a few hours or longer. If the certificate is revoked during that time, the server could give out outdated responses. <\/li><\/ul>\n\n\n\n
- OCSP stapling isn\u2019t supported by all browsers. <\/strong>Not all browsers and web servers support stapling at the current time, although it is becoming more widespread.<\/li><\/ul>\n\n\n\n
Distinguishing Features of OCSP Stapling Over CRLs & OCSP<\/h2>\n\n\n\n
Some of the features that differentiate OCSP stapling from other methods are:<\/p>\n\n\n\n
- Liability of Proof: <\/strong>When a server uses OCSP stapling and the website visitor\u2019s client supports it, the server takes on the responsibility of proving that its TLS certificate has not been revoked.<\/li>
- Cost of Proof: <\/strong>The cost of requesting and providing the revocation status is to be borne by the server, including its processing and network-related resources.<\/li>
- Improved Efficiency: <\/strong>The client doesn\u2019t have to request the revocation status of the TLS certificate; the server will provide one automatically from the certificate\u2019s issuing CA. It saves time and makes the TLS handshake very efficient.<\/li><\/ul>\n\n\n\n
OCSP vs. OCSP Stapling at a Glance<\/h2>\n\n\n\n
OCSP stapling builds on simple OCSP. This table lays out the differences between the two methods:<\/p>\n\n\n\n
OCSP<\/strong><\/td> OCSP Stapling<\/strong><\/td><\/tr> The responsibility of verification lies with the client browser<\/td> The server has to provide proof that the certificate has not been revoked<\/td><\/tr> The privacy of the client might be compromised as the CA can see all the websites the user has visited<\/td> The server contacts the CA for its timestamped response, so the CA can\u2019t see other sites visited by the client<\/td><\/tr> The cost of verification is borne by the client<\/td> The cost of verification is borne by the server<\/td><\/tr> Slower than OCSP stapling as there are many rounds of communication<\/td> Faster than OCSP because it doesn\u2019t have to send out individual OCSP server requests<\/td><\/tr> Not ideal for high-traffic websites<\/td> Ideal for high-traffic websites<\/td><\/tr> All certificates in the certificate chain can be verified<\/td> Not all certificates in the certificate can be verified as the server only staples its own revocation status response<\/td><\/tr> No time gap between the request from the client browser and the response from the CA<\/td> There is an interval between two requests sent by the server to the CA<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n Which Browsers Support It<\/h3>\n\n\n\n
OCSP stapling is enabled by default in most of the big browsers, but it\u2019s not universally supported. The following browsers and <\/a>services support this revocation check method:<\/p>\n\n\n\n
- Apache \u2014 Apache HTTPD Server 2.3.3+<\/li>
- Edge \u2014 Supports it<\/li>
- Firefox \u2014 Firefox enabled default in version 3.0 and above<\/li>
- Google Chrome \u2014 Enabled by default<\/li>
- Internet Explorer \u2014 Version 7.0 and above supports OCSP stapling<\/li>
- NSS (Network Security Services) \u2014 Supported by version 3.15 and above<\/li>
- OpenSSL \u2014 Supported by version 0.9.8h and above<\/li>
- Opera \u2014 Version 8.0 and above supports stapling<\/li>
- Safari \u2014 Enabled by default in Mac OS X 10.7 and above<\/li><\/ul>\n\n\n\n
How Can You Turn on OCSP Stapling?<\/h2>\n\n\n\n
Most browsers have OCSP stapling enabled by default. However, if you want to enable it for your server, you can do so. Below, we\u2019ve outlined the steps for enabling this revocation checking method in Apache specifically.<\/p>\n\n\n\n
Enabling OCSP Stapling in Apache<\/h3>\n\n\n\n
If you use Apache, then you can follow the steps given below to enable OCSP stapling<\/a>:<\/p>\n\n\n\n
- Cost of Proof: <\/strong>The cost of requesting and providing the revocation status is to be borne by the server, including its processing and network-related resources.<\/li>
- Liability of Proof: <\/strong>When a server uses OCSP stapling and the website visitor\u2019s client supports it, the server takes on the responsibility of proving that its TLS certificate has not been revoked.<\/li>
- OCSP stapling isn\u2019t supported by all browsers. <\/strong>Not all browsers and web servers support stapling at the current time, although it is becoming more widespread.<\/li><\/ul>\n\n\n\n
- Period between OCSP responses may leave you unaware of new revocations. <\/strong>There is usually a delay between two OCSP stapling responses. This time gap can be a few hours or longer. If the certificate is revoked during that time, the server could give out outdated responses. <\/li><\/ul>\n\n\n\n
- No verification of intermediate certificates. <\/strong>Sometimes, TLS certificates contain many intermediate CA certificates forming a certificate chain<\/a>. OCSP stapling typically doesn\u2019t provide verification for the intermediate certificates (it typically just provides revocation status checks for leaf\/server certificates). However, multi-stapling was introduced in June 2013 through RFC 6961<\/a>. TLS 1.3<\/a> has the support for multiple OCSP responses.<\/li><\/ul>\n\n\n\n
- Requires fewer resources. <\/strong>In comparison to CRL or OCSP, the OCSP stapling uses fewer network resources for the client, making it a more efficient method.<\/li><\/ul>\n\n\n\n
- Providers better privacy for users. <\/strong>Since the CA or the OCSP responder can\u2019t see the websites visited by the client, the client\u2019s privacy is better protected than with traditional OCSP responder queries.<\/li><\/ul>\n\n\n\n
- Offers improved speed and performance. <\/strong>Speed is one of the most significant advantages of the OCSP stapling method. It takes a minimal amount of time to verify the revocation status of any TLS certificate.<\/li><\/ul>\n\n\n\n
- Unknown:<\/strong> This message displays if the responder doesn\u2019t recognize the certificate, an unknown response is sent. The responder might not have access to the CA that issued the certificate. This type of failure is called a soft fail because it may (or may not) allow the connection to go through.<\/li><\/ul>\n\n\n\n
- Good:<\/strong> A good response is given when the OCSP responder recognizes the certificate serial number and finds that it is valid.<\/li><\/ul>\n\n\n\n
- Revoked: <\/strong>When a server certificate is revoked, the browser will show a warning and likely not connect to the website. This response is known as a hard fail because the browser will immediately terminate the connection. A revocation message will look like this to users:<\/li><\/ul>\n\n\n\n