3.2.3.3.2 OCSP (The Online Certificate Status Protocol) Stapling and Session Cache
Only applicable to MetaDefender Core version 4.19.0 or above.
1.) Modify “ssl.conf” file (create new if not existed)
-
On Windows, under <Installation Directory>\nginx\
-
On Linux, under /etc/ometascan/nginx.d/
Modify ssl.conf file with following recommended settings
# Enable OCSP stapling, optimize session cachessl_ecdh_curve secp384r1;ssl_session_timeout 1d;ssl_session_cache shared:SSL:10m;ssl_session_tickets off;ssl_stapling on;ssl_stapling_verify on;# verify chain of trust of OCSP response using Root CA and Intermediate certsssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;# replace with the IP address of your resolverresolver 127.0.0.1;2.) A restart of the “OPSWAT Metadefender Core” service is required.