Evaluates whether OCSP stapling is enabled for each domain name accelerated by Alibaba Cloud CDN. If OCSP stapling is enabled, the resource is compliant.
Scenarios
OCSP stapling allows points of presence (POPs) to cache SSL certificate revocation status and return it directly to clients, eliminating the need for clients to query certificate authorities (CAs). This speeds up certificate validation and reduces access latency.
Risk level
Default risk level: low.
You can change the risk level when you configure this rule.
Compliance evaluation logic
A CDN domain name is evaluated as compliant if OCSP stapling is enabled.
Rule details
| Item | Description |
| --- | --- |
| Rule name | cdn-domain-ocsp-stapling-enabled |
| Rule ID | |
| Tag | CDN |
| Automatic remediation | Not supported |
| Trigger type | Configuration change |
| Supported resource type | ACS::CDN::Domain |
| Input parameter | None |
Non-compliance remediation
Enable OCSP stapling for each CDN-accelerated domain name. For more information, see Configure OCSP stapling.
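After enabling the feature, you can confirm from the client side that a stapled response is actually returned in the TLS handshake. The script below is an added example, not part of the Alibaba Cloud documentation: it classifies the output of `openssl s_client -status`, and the function names and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the text printed by `openssl s_client -status`.
# Function names and sample outputs below are constructed for illustration.

classify_ocsp_output() {
  case "$1" in
    *"OCSP Response Status: successful"*)
      # A staple was delivered in the handshake; report the status it carries.
      case "$1" in
        *"Cert Status: good"*)    echo "stapled-good" ;;
        *"Cert Status: revoked"*) echo "stapled-revoked" ;;
        *)                        echo "stapled-other" ;;
      esac ;;
    *"OCSP response: no response sent"*) echo "not-stapled" ;;
    *) echo "inconclusive" ;;  # handshake failed or output not recognised
  esac
}

# Live check against one host (needs network access and the openssl CLI).
check_domain() {
  out=$(openssl s_client -connect "$1:443" -servername "$1" -status \
        </dev/null 2>/dev/null) || true
  classify_ocsp_output "$out"
}

# Constructed samples, trimmed to the lines the classifier reads.
SAMPLE_STAPLED='OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Cert Status: good'
SAMPLE_REVOKED='OCSP response:
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Cert Status: revoked'
SAMPLE_MISSING='CONNECTED(00000003)
OCSP response: no response sent'

if [ "$#" -gt 0 ]; then
  for host in "$@"; do
    printf '%s\t%s\n' "$host" "$(check_domain "$host")"
  done
else
  printf 'stapled sample:\t%s\n' "$(classify_ocsp_output "$SAMPLE_STAPLED")"
  printf 'missing sample:\t%s\n' "$(classify_ocsp_output "$SAMPLE_MISSING")"
fi
```

Pass one or more accelerated domain names as arguments to test them live; with no arguments the script classifies the constructed samples.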