Posted On: Feb 9, 2024
AWS IoT Core, a managed cloud service that lets customers securely connect Internet of Things (IoT) devices to the cloud and manage them at scale, announces support for Online Certificate Status Protocol (OCSP) Stapling for TLS X.509 Server Certificates using Custom Domains and Configurable Endpoints. The new feature enables customers to add an additional layer of verification to their custom domain's server certificate validity, for example to respond to server certificate revocations more quickly. By including the OCSP response with the certificate during the TLS handshake, it eliminates the need for a separate request from the client to an OCSP server, resulting in faster connection establishment.
OCSP isENnbsp;an industry standard protocol that provides timely updates for the status of certificates. Upon request, it provides a response of the certificate status (i.e. valid, revoked, or unknown). If, from the client's perspective, the OCSP response for a server certificate is revoked or unknown, the connection can be terminated by the client to ensure security. To enable OCSP stapling, customers can navigate to the ‘settings’ section within the AWS IoT Console and select “Enable server certificate OCSP stapling”. Customers can also use the Domain Configuration APIs to opt into the new feature.
OCSP Stapling for TLS X.509 Server Certificates is available in all AWS regions where AWS IoT Core is present, except AWS GovCloud (US) and China regions.ENnbsp;Visit the developer guide to learn more about this feature. For more information about AWS IoT Core, visit the product page.