Verify that the server sends an OCSP staple in the TLS handshake. Free OCSP stapling checker.
OCSP stapling lets the server send a cached OCSP response during the TLS handshake, so clients don't need to contact the CA directly. This checker connects to your domain and reports whether the server staples OCSP and whether the staple is valid. Use it to verify stapling is enabled after config changes, to improve performance and privacy, and to avoid OCSP responder availability issues. Common in nginx, Apache, and CDNs.
The server fetches the OCSP response from the CA and sends it in the TLS handshake. Clients get revocation info without querying the CA.
Faster handshakes, less load on CAs, and better privacy. Some clients require a valid staple for certain certs.
Enable it in your server config (e.g. ssl_stapling in nginx). The CA must provide an OCSP responder URL in the cert.
This tool checks whether a staple is sent and valid. Use an OCSP checker to query revocation status directly.
Yes. The tool connects to the domain over TLS and inspects the handshake for the OCSP staple.