MyBB Internal: One or more warnings occured. Please contact your administrator for assistance.
WebPagetest Forums - OCSP stapling only partial ?

WebPagetest Forums

Full Version: OCSP stapling only partial ?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
I'm really new with ocsp stapling.

I activated it on our website.

Before we had 2 ocsp calls but it still remain one call to

Is it normal ?
Maybe my apache configuration is not ok ?
SSLCACertificateFile /etc/ssl/certs/ca-certificates.crt
        SSLStaplingCache shmcb:/tmp/stapling_cache(128000)
        SSLUseStapling on

# echo QUIT | openssl s_client -servername -connect -status 2> /dev/null | grep -A 17 'OCSP response:' | grep -B 17 'Next Update'
OCSP response:
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Version: 1 (0x0)
    Responder Id: 2C69FF80C98790AE34E1B4E74C93859940E9A7B2
    Produced At: Jul 18 07:05:04 2019 GMT
    Certificate ID:
      Hash Algorithm: sha1
      Issuer Name Hash: BCDE91268256135DFC85EFC392F9189345669D92
      Issuer Key Hash: 2C69FF80C98790AE34E1B4E74C93859940E9A7B2
      Serial Number: BFDA66FABBB25F667729D64937F5D7C1
    Cert Status: good
    This Update: Jul 18 07:05:04 2019 GMT
    Next Update: Jul 22 07:05:04 2019 GMT

I was thinking once activated there will be no more ocsp call Smile
The certificate change is leaf ( > intermediary (sectigo) > root (User Trust)

In this case it looks like the intermediary cert from sectigo that's not being stapled, which is pretty common for digicert (which is who sectigo are) EV certificates

If you examine the cert chain in Chrome or Safari, you'll see the OCSP end point for the intermediary certificate matches the request you're seeing
Reference URL's