Tag Archives: Nginx

Add OCSP to Plesk Panel

Here’s a guide on adding OCSP stapling to your Plesk 11.5.30 or Plesk 12.0.18 Panel.
First you need to create a file containing both your intermediate and CA certificates; let’s call it domainCA.pem.
Create the folder…

# mkdir /etc/ssl/ocsp/

and upload domainCA.pem to it.

Now create a file called ocsp.inc in the conf.d folder…

# nano /etc/sw-cp-server/conf.d/ocsp.inc

and add the following nginx directives to it…

ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/ssl/ocsp/domainCA.pem;
resolver 8.8.4.4 8.8.8.8 valid=300s;
resolver_timeout 10s;

Next you need to add an include statement for ocsp.inc in the plesk.conf file…

# nano /etc/sw-cp-server/conf.d/plesk.conf

Place it alongside the other include directives, like so…

include conf.d/*ocsp.inc;

Then restart the Plesk server with…

# service sw-cp-server restart

You now have OCSP stapling on your Plesk Panel.

You can also add these directives on a per-domain basis in the Plesk Panel under

Plesk -> Domains -> yourdomain.tld -> Apache & Nginx Settings -> Additional nginx directives

Add HSTS to Plesk Panel

Here’s how you can add HTTP Strict Transport Security (HSTS) to your Plesk Panel.
This only applies to Plesk 11.5.30 and Plesk 12.0.18; older versions used lighttpd.

Open plesk.conf with your favourite editor…

# nano /etc/sw-cp-server/conf.d/plesk.conf

And add the normal Nginx HSTS directive under the certificate entries like so…

ssl_certificate /opt/psa/admin/conf/httpsd.pem;
ssl_certificate_key /opt/psa/admin/conf/httpsd.pem;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

Save the file and restart the Plesk server…

# service sw-cp-server restart

Now you have Strict Transport Security on your panel.
I will show you how to add OCSP to your Plesk Panel later in the week.

To add HSTS to domains hosted on Plesk, see Secure Redirect in Plesk
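
To confirm that both the stapling and HSTS changes above took effect, the following added example (not part of the original posts) parses the output of `openssl s_client -status` and of a header fetch. The function names, the host panel.example.com and the panel port 8443 are assumptions, and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example. Live capture (panel.example.com is a placeholder; 8443 is assumed):
#   openssl s_client -connect panel.example.com:8443 -status </dev/null 2>/dev/null | stapling_status
#   curl -skI https://panel.example.com:8443/ | hsts_max_age

# Reads `openssl s_client -status` output on stdin.
# Prints good|revoked|unknown|none; exit status 0 only for "good".
stapling_status() {
    awk '
        /OCSP Response Status: successful/ { ok = 1 }
        /Cert Status:/ && !status          { status = $3 }
        END {
            if (!ok || !status) { print "none"; exit 1 }
            print status
            exit (status == "good" ? 0 : 1)
        }'
}

# Reads HTTP response headers on stdin (CRLF tolerated, name case-insensitive).
# Prints the max-age value or "missing"; exit status 0 only if max-age > 0.
hsts_max_age() {
    tr -d '\r' | awk '
        tolower($0) ~ /^strict-transport-security:/ {
            line = tolower($0)
            if (match(line, /max-age=[0-9]+/)) {
                age = substr(line, RSTART + 8, RLENGTH - 8)
                found = 1
            }
        }
        END {
            if (!found) { print "missing"; exit 1 }
            print age
            exit (age + 0 > 0 ? 0 : 1)
        }'
}

# Constructed sample inputs, not captured from a real server.
SAMPLE_STAPLED='OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Cert Status: good'
SAMPLE_UNSTAPLED='OCSP response: no response sent'
SAMPLE_HEADERS='HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains'

echo "stapled:   $(printf '%s\n' "$SAMPLE_STAPLED" | stapling_status)"
echo "unstapled: $(printf '%s\n' "$SAMPLE_UNSTAPLED" | stapling_status)"
echo "hsts:      $(printf '%s\n' "$SAMPLE_HEADERS" | hsts_max_age)"
```

nginx fetches the OCSP response on demand, so the first handshake after a restart can report "none"; repeat the stapling check a few seconds later before treating it as a failure.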