Since Google first announced that securing a website via an SSL certificate would be considered a ranking signal for SEO, lots of web hosting providers, including us here at Conetix, started providing free SSL certificates via SSL certificate providers like Let’s Encrypt.
By providing an SSL certificate for your website you can now force all traffic for your website to use https:// (Hypertext Transfer Protocol Secure) rather than standard http://.
With this change and focus on securing websites, browser developers like Google (Chrome) and Firefox started displaying a secure or insecure site lock natively in their browsers. Their goal is to provide a more secure Internet and provide trust from your website to the end user.
So what is OCSP Stapling?
Online Certificate Status Protocol (OCSP) stapling is the standard for checking the revocation status of a digital certificate that is assigned to a website or web service. In simple terms: is your website’s SSL certificate valid?
To understand a little more about OCSP stapling we need to cover two parts: OCSP itself and the stapling extension.
OCSP itself is an independent protocol that allows the web browser to verify the SSL certificate's validity. The browser checks the website’s certificate in real time against the Certificate Authority (CA), which responds with good, revoked or unknown. With this verification process each request or query has to be processed in real time and incurs a resource cost.
This cost is not only a bandwidth and backend server resource cost but also an end user browser cost in terms of slower performance. The busier the website is, the higher the resource cost and, in turn, the slower the website becomes.
To overcome this resource cost limitation, stapling was introduced. As the term suggests, the additional protocol is stapled or added to OCSP to reduce this cost and speed up the process between the end user's browser and the website. A time-stamped OCSP response is stapled to the request, which eliminates the need for the end user's browser to contact the CA directly.
Why would you use OCSP stapling?
This simple addition to your website’s SSL certificate improves both security and performance. This in turn provides trust in your website and end user confidence in using your site. Once again, it also provides a ranking signal for Google, which ever so slightly improves the overall ranking of your domain and the website itself.
Increases Trust
Speeds up your website
Improves Google SEO Ranking
How can you take advantage of OCSP Stapling?
The good news is that OCSP stapling has been implemented by all the major web server providers like NGINX, Apache, LiteSpeed and Microsoft Windows Server.
With the major web server providers implementing this protocol, many server management panel providers, such as Plesk, have taken advantage of this and have created a simple way to implement and manage it quickly without any technical expertise.
How can I check if my website is using OCSP stapling?
The simplest way to check is to use online tools like SSL Labs SSL test.
Simply go to https://ssllabs.com/ssltest and type in your domain name.
It should show the following on the first page of your report if you are using OCSP Stapling.
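The same check can be made from a terminal. The script below is an added example, not part of the original article or Conetix's own tooling: it uses the openssl command-line client's -status option to ask the server for a stapled response during the TLS handshake and classifies what comes back. The function names and the sample outputs are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify `openssl s_client -status` output for OCSP stapling.

# Constructed sample: handshake output from a server that staples a response.
SAMPLE_STAPLED='OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Cert Status: good
    This Update: Jan  1 00:00:00 2024 GMT
    Next Update: Jan  8 00:00:00 2024 GMT'

# Constructed sample: what s_client prints when nothing is stapled.
SAMPLE_NONE='OCSP response: no response sent'

# Reads s_client output on stdin; prints one of:
#   stapled:<good|revoked|unknown>   not-stapled   indeterminate
classify_staple() (
    out=$(cat)
    if printf '%s\n' "$out" | grep -q 'OCSP response: no response sent'; then
        echo "not-stapled"
        exit 0
    fi
    status=$(printf '%s\n' "$out" |
        sed -n 's/^ *OCSP Response Status: *\([a-z]*\).*/\1/p' | head -n 1)
    cert=$(printf '%s\n' "$out" |
        sed -n 's/^ *Cert Status: *\([a-z]*\).*/\1/p' | head -n 1)
    if [ "$status" = "successful" ] && [ -n "$cert" ]; then
        echo "stapled:$cert"
    else
        # Handshake failed, or the staple was malformed or not successful.
        echo "indeterminate"
    fi
)

# Live check (needs network and the openssl CLI); host is a bare domain name.
check_host() {
    openssl s_client -connect "$1:443" -servername "$1" -status \
        </dev/null 2>/dev/null | classify_staple
}

# Run against a real site only when a domain is passed on the command line.
if [ -n "${1:-}" ]; then
    check_host "$1"
fi
```

A result of not-stapled right after a web server restart can be transient, since some servers only fetch the OCSP response from the CA after the first few connections; repeat the check before concluding stapling is off.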
If you are hosting your website with Conetix or have your own Plesk Virtual Private Server with Conetix, you can add OCSP stapling to your website or sites now.
If you don’t have this option with your current provider, we would love to talk to you and see where we can assist.
More Technical Resources.
If you want to know more about OCSP stapling and how it all works, the following are some great articles that you may find useful.
Cloudflare – High-reliability OCSP stapling and why it matters
CA Security Council – The Importance of checking for Certificate Revocation