Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Starting from Google Chrome version 68 and upperlater, the browser will start enforcing enforce "Certificate Transparency" for all publicly trusted certificates. HTTPS certificates will be are considered invalid if there is no Information about "Certificate Transparency" available.

...

The OCSP Stapling option is available since Apache version 2.3. It means that this option can be enabled in RS@WAF is available in R&S®Web Application Firewall as of version 6.2 and upper. We strongly recommend using the RS@WAF R&S®Web Application Firewall 6.5.0 LTS version and upperor later.

 

1 . Configuration

There is not yet No integrated option allowing is currently available to enable OCSP Stapling directly from the GUI (This this feature is defined in the development ticket: DA-9883). You can manually add two However, you may add two Apache directives in the "Reverse Proxy Advanced Parameters" and "Tunnels Advanced Parameters":

SSLStaplingCache: Global configuration to add in a Reverse Proxy Advanced Parameters profile

SSLUseStapling: Global configuration to add in a Reverse Proxy Advanced parameters profile or in a the Tunnel advanced parameters profile

 

2 . Exemple

SSLStaplingCache shmcb:/tmp/stapling_cache(128000)
SSLUseStapling on

Add the directive in a Reverse Proxy Advanced Parameters profile - step by step

Image Modified
1

Image Modified
2

Image Modified

3

Image Modified

4

Image Modified

5

  1. In the panel > Setup > Reverse Proxies  > right click on the Reverse Proxy, then choose the "Modify" option,
  2. At the right of the Advanced Parameters select list, click on the blue ball, then choose "Add",
  3. Write a name for your new Advanced Parameters profile, choose the Reverse Proxy in the type, then click the "Ok" button,
  4. Select the new Advanced Parameters profile, then click on the blue ball on the right then "Modify",
  5. Add the directive in the Advanced Parameters profile, click on the "Ok" buttons to save changes.

Add the directive in a tunnel advanced parameters profile - step by step

Tunnel modificationImage Modified
1

Create advanced ParametersImage Modified
2

Add profil nameImage Modified
3

Image Modified
4

Profil modificationImage Modified
5

Directive addImage Modified
6

  1. In the Application panel, right click on the Tunnel, then choose the "Modify" option in the menu,
  2. In the Advanced tab, click on the blue ball on the right of the "Advanced parameters Profile" select list and choose "Add",
  3. Write a new name for your Advanced Parameter profile, define now the "Type" as a "Tunnel", click on the "Ok" button,
  4. Select the new Advanced Parameter profile in the select list,
  5. Then click on the blue ball and choose the option "Modify",
  6. Add the directive just after the SSL directives, click on the "Ok" buttons to save changes.

Applying

As the Global configuration in the Reverse Proxy Advanced Parameters has been modified, you need to Apply the Reverse Proxy using a Cold Restart. 

...