Enable OCSP Stapling on Windows

To enable OCSP stapling on Windows Server:

  1. Ensure you are using Windows Server 2008 or above.
     
    • Windows Server 2008 and above – OCSP Stapling is enabled by default.
       
    • Versions below 2008 do not support OCSP Stapling.

Please upgrade to Windows Server 2008 or later to enable OCSP Stapling.

  2. To confirm OCSP stapling is enabled on Windows Server 2008 or above:

    • Go to https://sslanalyzer.comodoca.com/, enter your website address and click ‘Analyze’

    • Scroll down to ‘Certificate Status Details’

    • If OCSP stapling is enabled, the “OCSP Stapling” row will say ‘Good’

    • If OCSP stapling is not enabled, the “OCSP Stapling” row will say ‘Not Supported’

If you see the ‘Not Supported’ message and are using Windows Server 2008 or above, then it is possible you need to (re)enable OCSP stapling. Please consult Microsoft’s documentation for help with this - https://technet.microsoft.com/en-us/library/hh826044%28v=ws.10%29.aspx

  3. If you are still having issues, please check that your Windows Server 2008+ machine can connect to Comodo’s OCSP servers at the following locations:

DNS HOSTNAME(S)        Destination IP                              Port
OCSP.ComodoCA.com      178.255.83.1 or 2a02:1788:2fd::b2ff:5301    TCP/80
OCSP.usertrust.com

For example, if you use telnet, use the following command:

telnet OCSP.ComodoCA.com 80

If the test is successful the reply will state ‘Connected to OCSP.ComodoCA.com’ for at least one of the ‘Destination IP’ addresses in the table above.

If the connection test is unsuccessful please make the required network changes to allow your server to connect to our OCSP servers. Once complete, we advise you to re-run the test in step 2 to establish whether OCSP stapling is now enabled.
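
The connectivity check from step 3 can also be run as a PowerShell script, which helps on servers where the telnet client (an optional feature on Windows Server 2008 and later) is not installed. This is an added example, not Comodo's own tooling; the function name Test-OcspResponder and the 5-second timeout are assumptions, while the hostnames and port come from the table above.

```powershell
# Added example: tests TCP/80 reachability of the OCSP responders listed above.
$ocspHosts = 'OCSP.ComodoCA.com', 'OCSP.usertrust.com'
$port      = 80
$timeoutMs = 5000   # assumed timeout; adjust for slow links

function Test-OcspResponder {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs)

    # Resolve first so a DNS failure is reported separately from a blocked port.
    try {
        $addresses = [System.Net.Dns]::GetHostAddresses($HostName)
    } catch {
        New-Object PSObject -Property @{
            Host = $HostName; Address = $null; Reachable = $false
            Detail = 'DNS resolution failed' }
        return
    }

    # Try every resolved address (IPv4 and IPv6) with a bounded wait.
    foreach ($address in $addresses) {
        $client = New-Object System.Net.Sockets.TcpClient($address.AddressFamily)
        $ok = $false
        $detail = 'No connection (blocked, refused or timed out)'
        try {
            $async = $client.BeginConnect($address, $Port, $null, $null)
            if ($async.AsyncWaitHandle.WaitOne($TimeoutMs, $false) -and $client.Connected) {
                $client.EndConnect($async)
                $ok = $true
                $detail = 'Connected'
            }
        } catch {
            $detail = $_.Exception.Message
        } finally {
            $client.Close()
        }
        New-Object PSObject -Property @{
            Host = $HostName; Address = $address.ToString(); Reachable = $ok
            Detail = $detail }
    }
}

$results = foreach ($h in $ocspHosts) { Test-OcspResponder $h $port $timeoutMs }
$results | Select-Object Host, Address, Reachable, Detail | Format-Table -AutoSize

# The article's success criterion: at least one destination address connects.
if ($results | Where-Object { $_.Reachable }) {
    'At least one OCSP responder address is reachable on TCP/80.'
} else {
    'No OCSP responder address is reachable; check outbound firewall and proxy rules.'
}
```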
