DigiCert OCSP-Stapling Improves NGINX Server Security

DigiCert support of OCSP-Staling/MUST STAPLE means improved security for NGINX as it passes Apache as the server of choice among top sites on the Internet.

Beginning with the NGINX release of version 1.2.0, significant improvements were made to http proxy support. The use of OCSP-Stapling, means that the growing number of top sites on the Internet using NGINX will take advantage of security enhancements added on top of SSL encryption.

New initiatives supported by DigiCert are designed to improve online data security. Adding OCSP Stapling/MUST STAPLE, Certificate Authority Authorization (CAA), or taking advantage of Google’s Certificate Transparency (CT), will help improve privacy, reliability and validity checking for sites on the Internet.

“We have been continuously working on enhancements to NGINX that increase performance, reliability and security.  With improved SSL functionality we expect the vast majority of our customers to share our enthusiasm for increased safety on the Internet.”

-Igor Sysoev CTO and principal architect at NGINX

OCSP offers real-time status information used to confirm that an SSL Certificate on a website is valid. OCSP acts as an authoritative answer for certificate trust without relying on cached information, and is popular alternative to revocation lists.

OCSP-Stapling takes basic OCSP to the next level of trust by allowing the organization using the SSL Certificate, to respond to the browser’s OCSP request instead relying solely on Certificate Authority.

NGINX has the reputation of being an ultra fast and reliable web server. Nearly 40% of top 1000 traffic sites on the Internet use the NGINX web server and it’s increasingly becoming a popular web server of choice for administrators.