I run a website on Windows Server 2012 R2 (IIS8.5) and am busy beefing up the TLS security. Running SSL Labs tests against the machine shows that it is not using OCSP stapling. I have read in several places that OCSP stapling is enabled by default in Server 2008 and up. I have tried looking around on the web but cannot seem to find any articles that are helpful in resolving the problem.
So my questions are as follows:
1 - Is there a way to confirm that OCSP stapling is running/working on the server itself?
2 - How do I enable OCSP stapling to work in IIS?
With thanks
DeadlyEmbrace