Enable OCSP Stapling on Windows

May 25, 2018 in Windows

To enable OCSP stapling on Windows Servers:

  1. Ensure you are using Windows Server 2008 or above.

    • Windows Server 2008 and above – OCSP Stapling is enabled by default.
    • Versions below 2008 do not support OCSP Stapling.


Please upgrade to Windows Server 2008 or later to enable OCSP Stapling.

  2. To confirm OCSP stapling is enabled on Windows Server 2008 or above:
    • Go to SSL Labs' SSL Server Test, check the box "Do not show the results on the boards", enter your website address and click ‘Submit’.
    • Wait until the scan completes.
    • Check the "Revocation information" field; it lists the CRL and OCSP URLs and details for your certificate.
    • If OCSP stapling is enabled, the "OCSP Stapling" row will show "Yes".
    • If OCSP stapling is not enabled, the "OCSP Stapling" row will show "No".

If you see the ‘Not Supported’ message and are using Windows Server 2008 or above, it is possible that you need to (re)enable OCSP stapling. Please consult Microsoft’s documentation for help with this: https://technet.microsoft.com/en-us/library/hh826044%28v=ws.10%29.aspx

  3. If you are still having issues, please check that your Windows Server 2008+ can connect to Sectigo's OCSP servers at the following locations:

DNS hostname(s)        Destination IP     Port
ocsp.sectigo.com       151.139.128.14     TCP/80
OCSP.usertrust.com

For example, if you use telnet, use the following command:

telnet OCSP.ComodoCA.com 80

If the test is successful, the reply will state ‘Connected to OCSP.ComodoCA.com’ for at least one of the ‘Destination IP’ addresses in the table above.
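The Telnet Client feature is not installed by default on Windows Server 2008 and later, so the same connectivity check can be scripted in PowerShell. The script below is an added example, not part of the original article; it assumes PowerShell 2.0 or later and uses the responder hostnames from the table above, testing DNS resolution, the TCP/80 connection and a plain HTTP request (OCSP is carried over HTTP, so a proxy or content filter in the path can block it even when a raw TCP connect succeeds).

```powershell
# Added example, not part of the original Sectigo article: checks that this
# server can reach the OCSP responders from the table above on TCP/80 without
# needing the Telnet Client feature. Assumes PowerShell 2.0 or later.
$Responders = @('ocsp.sectigo.com', 'OCSP.usertrust.com')  # hostnames from the table
$Port       = 80
$TimeoutMs  = 5000

function Test-OcspResponder {
    param([string]$HostName)
    $r = New-Object PSObject -Property @{
        Host = $HostName; ResolvedIp = $null; TcpConnect = $false; Http = $null
    }
    # 1. DNS: internal resolvers that cannot see the public name are a common cause
    #    of stapling silently staying off.
    try {
        $r.ResolvedIp = ([System.Net.Dns]::GetHostAddresses($HostName) |
            Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
            ForEach-Object { $_.IPAddressToString }) -join ','
    } catch {
        $r.Http = "DNS failure: $($_.Exception.Message)"
        return $r
    }
    # 2. TCP: the same check as 'telnet <host> 80', with a timeout so a firewall
    #    that silently drops packets does not hang the script.
    $client = New-Object System.Net.Sockets.TcpClient
    $async  = $client.BeginConnect($HostName, $Port, $null, $null)
    if ($async.AsyncWaitHandle.WaitOne($TimeoutMs)) {
        try { $client.EndConnect($async); $r.TcpConnect = $true } catch { }
    }
    $client.Close()
    # 3. HTTP: OCSP travels over plain HTTP, so confirm no proxy or content filter
    #    blocks it. Any status code, even a 4xx for this bare GET, shows the path is open.
    try {
        $req = [System.Net.WebRequest]::Create("http://$HostName/")
        $req.Timeout = $TimeoutMs
        $resp = $req.GetResponse()
        $r.Http = [int]$resp.StatusCode
        $resp.Close()
    } catch [System.Net.WebException] {
        if ($_.Exception.Response) { $r.Http = [int]$_.Exception.Response.StatusCode }
        else { $r.Http = "HTTP failure: $($_.Exception.Message)" }
    }
    return $r
}

$Responders | ForEach-Object { Test-OcspResponder $_ } |
    Select-Object Host, ResolvedIp, TcpConnect, Http | Format-Table -AutoSize
```

A row with TcpConnect set to True and a numeric Http value means the server can reach that responder; a DNS or HTTP failure message in the Http column points to the layer (name resolution, firewall or proxy) that needs changing.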

If the connection test is unsuccessful please make the required network changes to allow your server to connect to our OCSP servers. Once complete, we advise you to re-run the test in step 2 to establish whether OCSP stapling is now enabled.