OCSP stapling allows Edge Security Acceleration (ESA) to pre-cache certificate validation results and deliver them to clients, eliminating direct CA queries and reducing certificate validation time.
OCSP stapling
OCSP (Online Certificate Status Protocol) is a protocol provided by certification authorities (CAs) for clients to verify certificate status in real time. For each request, the client sends an OCSP query to the CA. Frequent OCSP queries lower TLS handshake efficiency and slow down user access.
With OCSP stapling enabled, the ESA server handles OCSP queries. ESA caches the results on the server, with a default cache duration of 60 minutes. During the TLS handshake, the ESA server sends the cached OCSP response along with the certificate to the client, so the client does not need to query the CA separately. This significantly improves TLS handshake efficiency and reduces certificate validation time.
Notes
-
Before enabling OCSP Stapling, ensure your site uses SSL/TLS and that you have configured an edge certificate.
-
Clients must support the OCSP extension field. If the client version does not support this field, OCSP Stapling will not work.
-
The default OCSP Stapling cache duration is one hour. After the cache expires, the first client request will not use OCSP Stapling until ESA retrieves fresh OCSP information.
-
If you delete all SSL/TLS certificates, OCSP Stapling stops working.
Enable OCSP Stapling
-
In the ESA console, go to Site Management. In the Website column, click your target site.
-
In the navigation pane on the left, choose .
-
Turn on the OCSP Stapling toggle.

Site-level and rule-based features
A site-level feature applies to all requests for that site. To apply OCSP stapling only to specific requests, use rule-based configuration with conditions that match specific parameters in client requests. The rule-based equivalent of the site-level OCSP Stapling feature is OCSP Stapling.