Starting from Google Chrome version 68 and later, the browser enforces "Certificate Transparency" for all publicly trusted certificates. HTTPS certificates are considered invalid if there is no information about "Certificate Transparency" available.
The OCSP Stapling option is available since Apache version 2.3. This means that the option is available in R&S®Web Application Firewall as of version 6.2 and later. We strongly recommend using R&S®Web Application Firewall 6.5.0 LTS or later.
1. Configuration
No integrated option is currently available to enable OCSP Stapling directly from the GUI (this feature is defined in the development ticket: DA-9883). However, you may add two Apache directives in the "Reverse Proxy Advanced Parameters" and "Tunnels Advanced Parameters":
SSLStaplingCache: Global configuration to add in a Reverse Proxy Advanced Parameters profile
SSLUseStapling: Global configuration to add in a Reverse Proxy Advanced Parameters profile or in the Tunnel Advanced Parameters profile
- If there is only one tunnel which needs the OCSP Stapling directives, you can add the SSLStaplingCache directive in the Reverse Proxy Advanced Parameters and add the SSLUseStapling directive in the Tunnel Advanced parameters.
- If all tunnels of a Reverse Proxy need the OCSP Stapling directives, you can add these two directives in the Reverse Proxy Advanced Parameters.
2. Example
Add the directive in a Reverse Proxy Advanced Parameters profile - step by step
- In the panel > Setup > Reverse Proxies > right click on the Reverse Proxy, then choose the "Modify" option,
- At the right of the Advanced Parameters select list, click on the blue ball, then choose "Add",
- Write a name for your new Advanced Parameters profile, choose "Reverse Proxy" as the type, then click the "Ok" button,
- Select the new Advanced Parameters profile, then click on the blue ball on the right then "Modify",
- Add the directive in the Advanced Parameters profile, click on the "Ok" buttons to save changes.
Add the directive in a tunnel advanced parameters profile - step by step
- In the Application panel, right click on the Tunnel, then choose the "Modify" option in the menu,
- In the Advanced tab, click on the blue ball on the right of the "Advanced parameters Profile" select list and choose "Add",
- Write a new name for your Advanced Parameters profile, set the "Type" to "Tunnel", then click on the "Ok" button,
- Select the new Advanced Parameter profile in the select list,
- Then click on the blue ball and choose the option "Modify",
- Add the directive just after the SSL directives, click on the "Ok" buttons to save changes.
As the global configuration in the Reverse Proxy Advanced Parameters has been modified, you need to apply the Reverse Proxy using a Cold Restart.
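
To confirm after the Cold Restart that a tunnel actually serves a stapled OCSP response, the handshake can be inspected with `openssl s_client -status`. The script below is an added example, not part of the R&S documentation; it assumes the `openssl` CLI is installed on the checking machine, and the function names and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Classify the OCSP section of `openssl s_client -status` output (read on stdin).
# Prints: stapled-good | stapled-revoked | stapled-other | stapled-error | not-stapled
classify_stapling() {
    awk '
        /OCSP Response Status:/             { resp = 1 }
        /OCSP Response Status: successful/  { ok = 1 }
        /Cert Status: good/                 { status = "good" }
        /Cert Status: revoked/              { status = "revoked" }
        END {
            if (!resp)                    print "not-stapled"
            else if (!ok)                 print "stapled-error"
            else if (status == "good")    print "stapled-good"
            else if (status == "revoked") print "stapled-revoked"
            else                          print "stapled-other"
        }'
}

# Live check of one tunnel; host and port are supplied by the caller.
check_host() {
    host=$1
    port=${2:-443}
    openssl s_client -connect "$host:$port" -servername "$host" -status \
        </dev/null 2>/dev/null | classify_stapling
}

# Constructed sample: handshake output when a response is stapled.
SAMPLE_STAPLED='OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Cert Status: good'

# Constructed sample: handshake output when nothing is stapled.
SAMPLE_NONE='CONNECTED(00000003)
OCSP response: no response sent'

if [ "$#" -ge 1 ]; then
    check_host "$@"          # e.g. ./check_stapling.sh www.example.com 443
else
    printf '%s\n' "$SAMPLE_STAPLED" | classify_stapling
    printf '%s\n' "$SAMPLE_NONE" | classify_stapling
fi
```

A result of `not-stapled` right after the restart can be transient, because the server has to fetch the first OCSP response from the CA's responder before it can staple it; repeat the check before concluding that the directives were not applied.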