OCSP Stapling on Azure Application Gateway and Azure Application Service (for custom domains)

Artsiom Tsernouski 21 Reputation points
2021-10-04T11:39:10.893+00:00

Hi guys

I have two questions regarding the OCSP Stapling and Azure:

  1. Is OCSP Stapling supported for Azure App Services when using a custom domain name? There are few posts on MSDN forum and Stack Overflow mentioning that Azure Team is looking into it but what's the current status?
  2. Is OCSP Stapling supported for Azure Application Gateway?

Thanks in advance

Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,008 questions
{count} votes

Accepted answer
  1. suvasara-MSFT 10,026 Reputation points
    2021-10-05T14:10:49.773+00:00

    @Artsiom Tsernouski ,

    1. OCSP for Azure APP Services: OCSP stapling is enabled for the default *.azurewebsites.net URL and not yet available for the Custom domains. Our Engineering Team is working on this. As per the latest update, the feature is deployed to small set of scale sets and is being tested/validated. It would be rolled out for all regions once we are done with the testing. Now, we do not have an ETA on when this feature would be GA.

    2. OCSP for Azure Application Gateway: OCSP Stabling is built into the Application Gateway WAF v2. Due to requirements on the WAF v2 for bundling the certificate chain, it does not come into use as there is no real searching out and checking of the CA’s.

    ----------

    Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.


0 additional answers

Sort by: Most helpful