Page tree
Skip to end of metadata
Go to start of metadata

Starting from Google Chrome version 68 and later, the browser will enforce "Certificate Transparency" for all publicly trusted certificates. HTTPS certificates are considered invalid if there is no Information about "Certificate Transparency" available.

For more information, see the page https://www.certificate-transparency.org/

The OCSP Stapling option is available since Apache version 2.3. It means that this option is available in R&S®Web Application Firewall as of version 6.2. We strongly recommend using the R&S®Web Application Firewall 6.5.0 LTS version or later.

1 . Configuration

No integrated option is currently available to enable OCSP Stapling directly from the GUI (this feature is defined in the development ticket: DA-9883). However, you may add two Apache directives in the "Reverse Proxy Advanced Parameters" and "Tunnels Advanced Parameters":

SSLStaplingCache: Global configuration to add in a Reverse Proxy Advanced Parameters profile

SSLUseStapling: Global configuration to add in a Reverse Proxy Advanced parameters profile or in the Tunnel advanced parameters profile

2 . Exemple

SSLStaplingCache shmcb:/tmp/stapling_cache(128000)
SSLUseStapling on

Add the directive in a Reverse Proxy Advanced Parameters profile - step by step


1


2

3

4

5

  1. In the panel > Setup > Reverse Proxies  > right click on the Reverse Proxy, then choose the "Modify" option,
  2. At the right of the Advanced Parameters select list, click on the blue ball, then choose "Add",
  3. Write a name for your new Advanced Parameters profile, choose the Reverse Proxy in the type, then click the "Ok" button,
  4. Select the new Advanced Parameters profile, then click on the blue ball on the right then "Modify",
  5. Add the directive in the Advanced Parameters profile, click on the "Ok" buttons to save changes.

Add the directive in a tunnel advanced parameters profile - step by step

Tunnel modification
1

Create advanced Parameters
2

Add profil name
3


4

Profil modification
5

Directive add
6

  1. In the Application panel, right click on the Tunnel, then choose the "Modify" option in the menu,
  2. In the Advanced tab, click on the blue ball on the right of the "Advanced parameters Profile" select list and choose "Add",
  3. Write a new name for your Advanced Parameter profile, define now the "Type" as a "Tunnel", click on the "Ok" button,
  4. Select the new Advanced Parameter profile in the select list,
  5. Then click on the blue ball and choose the option "Modify",
  6. Add the directive just after the SSL directives, click on the "Ok" buttons to save changes.

Applying

As the Global configuration in the Reverse Proxy Advanced Parameters has been modified, you need to Apply the Reverse Proxy using a Cold Restart. 

Warning

A cold restart will stop all tunnels during the stop and start process.