{"id":12707,"date":"2024-08-19T16:27:42","date_gmt":"2024-08-19T10:57:42","guid":{"rendered":"https:\/\/www.skynats.com\/?p=12707"},"modified":"2025-10-23T16:34:41","modified_gmt":"2025-10-23T11:04:41","slug":"how-to-enable-ocsp-stapling-for-domain-in-plesk-server","status":"publish","type":"post","link":"https:\/\/www.skynats.com\/blog\/how-to-enable-ocsp-stapling-for-domain-in-plesk-server\/","title":{"rendered":"How to Enable OCSP Stapling for a Domain in Plesk Server"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">OCSP Stapling is a method to improve the SSL\/TLS handshake performance and privacy. It allows a web server to fetch the OCSP (Online Certificate Status Protocol) response from the Certificate Authority (CA) and then &#8220;staple&#8221; it to the SSL\/TLS handshake. This reduces the need for the client to contact the CA directly, speeding up the process and protecting privacy.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In this guide, we\u2019ll walk you through enabling OCSP Stapling for a domain on a Plesk server.<\/p>\n\n\n\n<h2 class=\"wp-block-heading has-normal-font-size\" id=\"h-nbsp-prerequisites\">&nbsp;<strong>Prerequisites<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A Plesk server with administrative access.<\/li>\n\n\n\n<li>An SSL certificate installed on the domain for which you want to enable OCSP Stapling.<\/li>\n\n\n\n<li>The domain is running on a web server that supports OCSP Stapling (e.g., Apache or Nginx).<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading has-normal-font-size\" id=\"h-steps-to-enable-ocsp-stapling-in-plesk\"><strong>Steps to Enable OCSP Stapling in Plesk<\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">First Log in to your Plesk server&#8217;s admin panel using your credentials. In the Plesk dashboard, go to <strong>Websites &amp; Domains<\/strong> and select the domain for which you want to enable OCSP Stapling.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Then click on the <strong>Hosting &amp; DNS <\/strong>section<a href=\"https:\/\/www.plesk.com\/\" target=\"_blank\" rel=\"noopener\">,<\/a> You can find the <strong>Apache &amp; Nginx <\/strong>configuration there, get into this and add the following directives in the In the <strong>Additional Apache directives<\/strong> or <strong>Additional Nginx directives<\/strong> section (depending on your web server):<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For <strong>Apache<\/strong>:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>SSLUseStapling on\nSSLStaplingCache shmcb:\/tmp\/stapling_cache(128000)<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">For <strong>Nginx <\/strong>is used:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ssl_stapling on;\nssl_stapling_verify on;\nresolver 8.8.4.4 8.8.8.8 valid=300s;\nresolver_timeout 10s;<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">These settings enable OCSP Stapling and configure the server to cache the OCSP responses.<\/p>\n\n\n\n<h3 class=\"wp-block-heading has-normal-font-size\" id=\"h-apply-and-restart-services\"><strong>Apply and Restart Services<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">After adding the directives, click <strong>OK<\/strong> or <strong>Apply<\/strong> to save the changes.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Then, Restart the web server (Apache or Nginx) in order for the changes to take effect. This can be done via the <strong>Tools &amp; Settings<\/strong> &gt; <strong>Services Management<\/strong> section in Plesk admin.<\/p>\n\n\n\n<h3 class=\"wp-block-heading has-normal-font-size\" id=\"h-verify-ocsp-stapling\"><strong>Verify OCSP Stapling<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Once after restarting the services, you can verify that OCSP Stapling is working by using an online tool like SSL Labs&#8217; SSL Test or by running the following command on the backend:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>#openssl s_client -connect yourdomain.com:443 -status | grep -A 17 'OCSP response:'<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">If OCSP is configured correctly, the response will include details about the OCSP Stapling status.<\/p>\n\n\n\n<h4 class=\"wp-block-heading has-normal-font-size\"><strong>Conclusion<\/strong><\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">Enable OCSP Stapling Plesk is a straightforward process that enhances the security and performance of your SSL\/TLS connections. By following the steps outlined above, you can ensure that your domain benefits from faster handshakes and improved privacy, providing a better experience for your users.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">If you need assistance enabling OCSP Stapling for a domain on your <a href=\"https:\/\/www.skynats.com\/plesk-server-management\/ \">Plesk server<\/a>, our team is here to help. Contact us for expert guidance and support to enhance your server\u2019s security and performance efficiently.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>OCSP Stapling is a method to improve the SSL\/TLS handshake performance and privacy. It allows a web server to fetch the OCSP (Online Certificate Status Protocol) response from the Certificate Authority (CA) and then &#8220;staple&#8221; it to the SSL\/TLS handshake. This reduces the need for the client to contact the CA directly, speeding up the [&hellip;]<\/p>\n","protected":false},"author":13,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[188,5,201],"tags":[896,897],"class_list":["post-12707","post","type-post","status-publish","format-standard","hentry","category-plesk-server","category-blog","category-domain","tag-ocsp-stapling","tag-plesk-server"],"_links":{"self":[{"href":"https:\/\/www.skynats.com\/blog\/wp-json\/wp\/v2\/posts\/12707","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.skynats.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.skynats.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.skynats.com\/blog\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/www.skynats.com\/blog\/wp-json\/wp\/v2\/comments?post=12707"}],"version-history":[{"count":1,"href":"https:\/\/www.skynats.com\/blog\/wp-json\/wp\/v2\/posts\/12707\/revisions"}],"predecessor-version":[{"id":16231,"href":"https:\/\/www.skynats.com\/blog\/wp-json\/wp\/v2\/posts\/12707\/revisions\/16231"}],"wp:attachment":[{"href":"https:\/\/www.skynats.com\/blog\/wp-json\/wp\/v2\/media?parent=12707"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.skynats.com\/blog\/wp-json\/wp\/v2\/categories?post=12707"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.skynats.com\/blog\/wp-json\/wp\/v2\/tags?post=12707"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}