OCSP binding configuration

Last updated: 2020-06-02 14:29:18


    After OCSP stapling (a TLS certificate status query extension) is enabled, the server will send a pre-cached Online Certificate Status Protocol (OCSP) response during the TLS handshake for user verification, so that the user does not need to send a query request to the certificate authority (CA). OCSP stapling greatly improves the efficiency of TLS handshake and reduces user verification time.

    Tencent Cloud CDN allows you to enable/disable OCSP stapling.

    Configuration Guide

    Viewing the configuration

    Log in to the CDN Console, select Domain Management on the left sidebar, and click Manage on the right of the domain name to access its configuration page. Under the Advanced Configuration tab, find OCSP Stapling Configuration, which is disabled by default:

    Modifying the configuration

    If a domain name has been configured with HTTPS acceleration, you can directly toggle the OCSP stapling switch to enable/disable this feature. After the certificate configuration is deleted, OCSP stapling will automatically be invalidated:

    If your domain name is configured for global acceleration, the OCSP stapling configuration will take effect globally. This configuration does not distinguish between requests from and outside of mainland China.