Checks whether Online Certificate Status Protocol (OCSP) stapling is enabled for each domain name accelerated by Alibaba Cloud CDN (CDN). If so, the evaluation result is compliant.
Scenarios
The OCSP stapling feature allows points of presence (POPs) to cache the revocation status of SSL certificates and return it to clients during the TLS handshake. Clients then do not need to query certificate authorities (CAs) for the revocation status. This speeds up certificate validation and accelerates access.
Risk level
Default risk level: low.
When you configure this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
If OCSP stapling is enabled for each domain name accelerated by CDN, the evaluation result is compliant.
Rule details
| Item | Description |
| --- | --- |
| Rule name | cdn-domain-ocsp-stapling-enabled |
| Rule ID | |
| Tag | CDN |
| Automatic remediation | Not supported |
| Trigger type | Configuration change |
| Supported resource type | ACS::CDN::Domain |
| Input parameter | None |
Non-compliance remediation
Enable OCSP stapling for each domain name accelerated by CDN. For more information, see Configure OCSP stapling.
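After remediation, the stapled response described under Scenarios can be confirmed from the client side. The script below is an added example, not part of the original rule documentation or Alibaba Cloud tooling: it classifies the OCSP section of `openssl s_client -status` output, and the function names and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify from a client that a TLS endpoint staples an
# OCSP response, by parsing `openssl s_client -status` output.

# Reads s_client output on stdin and prints one of:
#   stapled-good | stapled-revoked | stapled-other | not-stapled | unknown
classify_ocsp() {
    out=$(cat)
    case "$out" in
        # openssl prints this line when the server sent no staple.
        *"OCSP response: no response sent"*) echo "not-stapled"; return ;;
    esac
    case "$out" in
        *"OCSP Response Status: successful"*) ;;
        # No OCSP section at all, or a non-successful responder status.
        *) echo "unknown"; return ;;
    esac
    case "$out" in
        *"Cert Status: good"*)    echo "stapled-good" ;;
        *"Cert Status: revoked"*) echo "stapled-revoked" ;;
        *)                        echo "stapled-other" ;;
    esac
}

# Probes one domain on port 443 with SNI and a status request.
check_domain() {
    domain=$1
    result=$(openssl s_client -connect "$domain:443" -servername "$domain" \
        -status </dev/null 2>/dev/null | classify_ocsp)
    printf '%s\t%s\n' "$domain" "$result"
}

# Constructed sample outputs (abridged), used to exercise the parser offline.
SAMPLE_STAPLED='OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Cert Status: good'
SAMPLE_MISSING='CONNECTED(00000003)
OCSP response: no response sent'
```

Call `check_domain` once per accelerated domain name. A single probe reflects only the POP that answered that connection, so repeat it from several locations before treating a domain as verified.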