0
0
Nginxdevops~5 mins

OCSP stapling in Nginx - Cheat Sheet & Quick Revision

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Recall & Review
beginner
What is OCSP stapling in simple terms?
OCSP stapling is a way for a website to quickly prove its security certificate is still valid without making your browser check with the certificate authority every time.
Click to reveal answer
beginner
Why is OCSP stapling better than traditional OCSP checks?
Because it reduces delays and saves bandwidth by letting the server send the certificate status directly, so browsers don’t have to ask the certificate authority each time.
Click to reveal answer
beginner
Which nginx directive enables OCSP stapling?
The directive is ssl_stapling on; inside the server block where SSL is configured.
Click to reveal answer
intermediate
What additional directive should be set with ssl_stapling on; for OCSP stapling to work properly in nginx?
You should also set ssl_stapling_verify on; to make nginx verify the OCSP response from the certificate authority.
Click to reveal answer
intermediate
What files are important for OCSP stapling to work in nginx?
You need your SSL certificate file, the private key file, and the trusted certificate chain file (usually the CA bundle) for nginx to verify OCSP responses.
Click to reveal answer
What does OCSP stapling help improve?
AWebsite loading speed and security certificate validation
BDatabase query performance
CUser interface design
DServer hardware cooling
Which nginx directive turns on OCSP stapling?
Assl_certificate on;
Bssl_stapling on;
Cssl_verify_client on;
Dssl_protocols on;
What must nginx verify to ensure OCSP stapling works securely?
AThe OCSP response from the certificate authority
BThe server's IP address
CThe user's browser version
DThe server's disk space
What file is NOT needed for OCSP stapling in nginx?
ASSL private key file
BTrusted CA certificate chain file
CSSL certificate file
DUser's browser cache
What problem does OCSP stapling solve?
AIncreases server CPU speed
BFixes broken HTML tags
CAvoids delays caused by browsers checking certificate status directly
DImproves database indexing
Explain how to enable OCSP stapling in nginx and why it is useful.
Think about what directives you add in the server block and the benefit to users.
You got /4 concepts.
    Describe the files nginx needs to support OCSP stapling and their roles.
    Consider what nginx needs to prove the certificate is valid and trusted.
    You got /4 concepts.