How to enable or disable OCSP stapling on Edge SWG
search cancel

How to enable or disable OCSP stapling on Edge SWG


Article ID: 276355


Updated On:


ProxySG Software - SGOS


Starting SGOS version, proxy supports OCSP stapling for forward proxy and it is enabled by default. 
OCSP stapling can be used to determine the status of certificates in a CRL. The OCSP stapled response is valid for seven days.


OCSP stapling, or TLS Certificate Status Request extension, is a mechanism that aims to improve the efficiency and security of the Online Certificate Status Protocol (OCSP) used in the context of the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. 


Following command can be used to enable and disable OCSP stapling:
#(config ssl)proxy ocsp-stapling {disable | enable}

Additional Information

RFC 6066 contains information regarding the "status_request" extension, which is responsible for OCSP stapling in TLS. This extension allows the client to request an OCSP answer from the server during the TLS handshake.