diff --git a/src/reverseproxy.js b/src/reverseproxy.js
index 9285379a1..6ec5a9460 100644
--- a/src/reverseproxy.js
+++ b/src/reverseproxy.js
@@ -107,9 +107,13 @@ function getExpiryDate(certFilePath) {
 return notAfterDate;
 }
 
-// We used to check for the must-staple in the cert using openssl x509 -text -noout -in ${certFilePath} | grep -q status_request
-// however, we cannot set the must-staple because first request to nginx fails because of it's OCSP caching behavior
-function hasOCSPUriSync(certFilePath) {
+async function isOcspEnabled(certFilePath) {
+ // on some servers, OCSP does not work. see #796
+ const config = await settings.getReverseProxyConfig();
+ if (!config.ocsp) return false;
+
+ // We used to check for the must-staple in the cert using openssl x509 -text -noout -in ${certFilePath} | grep -q status_request
+ // however, we cannot set the must-staple because first request to nginx fails because of it's OCSP caching behavior
 const result = safe.child_process.execSync(`openssl x509 -in ${certFilePath} -noout -ocsp_uri`, { encoding: 'utf8' });
 return result && result.length > 0; // no error and has uri
 }
@@ -444,7 +448,7 @@ async function writeDashboardNginxConfig(bundle, configFileName, vhost) {
 keyFilePath: bundle.keyFilePath,
 robotsTxtQuoted: JSON.stringify('User-agent: *\nDisallow: /\n'),
 proxyAuth: { enabled: false, id: null, location: nginxLocation('/') },
- ocsp: hasOCSPUriSync(bundle.certFilePath)
+ ocsp: await isOcspEnabled(bundle.certFilePath)
 };
 const nginxConf = ejs.render(NGINX_APPCONFIG_EJS, data);
 const nginxConfigFilename = path.join(paths.NGINX_APPCONFIG_DIR, configFileName);
@@ -503,7 +507,7 @@ async function writeAppNginxConfig(app, fqdn, bundle) {
 location: nginxLocation(safe.query(app.manifest, 'addons.proxyAuth.path') || '/')
 },
 httpPaths: app.manifest.httpPaths || {},
- ocsp: hasOCSPUriSync(bundle.certFilePath)
+ ocsp: await isOcspEnabled(bundle.certFilePath)
 };
 const nginxConf = ejs.render(NGINX_APPCONFIG_EJS, data);
 
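Review bot: `isOcspEnabled` still hands `certFilePath` to a shell by interpolating it into the `execSync` command string, so the path is shell-parsed before openssl sees it; at the call sites in this diff the path comes from the project's own cert bundle, so the practical exposure looks low, but an argv form removes the shell from the picture entirely, e.g. `const result = safe.child_process.execFileSync('openssl', ['x509', '-in', certFilePath, '-noout', '-ocsp_uri'], { encoding: 'utf8' });` provided the `safe` wrapper exposes `execFileSync` as Node's `child_process` does. The return line also leaks the wrapper's raw value (`''` or a null-ish error result) instead of a boolean, which `return Boolean(result) && result.length > 0;` would tidy. Now that the function is `async`, the blocking `execSync` could become an awaited `execFile`, but that is a separate change. A short JSDoc would help callers: `/** @param {string} certFilePath @returns {Promise<boolean>} false when OCSP is disabled in reverse-proxy settings (#796), otherwise whether the cert carries an OCSP responder URI */`.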
@@ -536,7 +540,7 @@ async function writeAppRedirectNginxConfig(app, fqdn, bundle) {
 cspQuoted: null,
 hideHeaders: [],
 proxyAuth: { enabled: false, id: app.id, location: nginxLocation('/') },
- ocsp: hasOCSPUriSync(bundle.certFilePath)
+ ocsp: await isOcspEnabled(bundle.certFilePath)
 };
 const nginxConf = ejs.render(NGINX_APPCONFIG_EJS, data);
 
diff --git a/src/settings.js b/src/settings.js
index 1b828ae5a..a76e537fb 100644
--- a/src/settings.js
+++ b/src/settings.js
@@ -16,6 +16,8 @@ exports = module.exports = {
 getDynamicDnsConfig,
 setDynamicDnsConfig,
 
+ getReverseProxyConfig, // no setter yet since we have no UI for this
+
 getUnstableAppsConfig,
 setUnstableAppsConfig,
 
@@ -97,6 +99,7 @@ exports = module.exports = {
 SUPPORT_CONFIG_KEY: 'support_config',
 DIRECTORY_CONFIG_KEY: 'directory_config',
 GHOSTS_CONFIG_KEY: 'ghosts_config',
+ REVERSE_PROXY_CONFIG_KEY: 'reverseproxy_config',
 
 // strings
 AUTOUPDATE_PATTERN_KEY: 'autoupdate_pattern',
@@ -169,6 +172,9 @@ const gDefaults = (function () {
 retentionPolicy: { keepWithinSecs: 2 * 24 * 60 * 60 }, // 2 days
 schedulePattern: '00 00 23 * * *' // every day at 11pm
 };
+ result[exports.REVERSE_PROXY_CONFIG_KEY] = {
+ ocsp: true
+ };
 result[exports.SERVICES_CONFIG_KEY] = {};
 result[exports.EXTERNAL_LDAP_KEY] = {
 provider: 'noop',
@@ -557,6 +563,12 @@ async function setDirectoryConfig(directoryConfig) {
 notifyChange(exports.DIRECTORY_CONFIG_KEY, directoryConfig);
 }
 
+async function getReverseProxyConfig() {
+ const value = await get(exports.REVERSE_PROXY_CONFIG_KEY);
+ if (value === null) return gDefaults[exports.REVERSE_PROXY_CONFIG_KEY];
+ return JSON.parse(value);
+}
+
 async function getAppstoreListingConfig() {
 const value = await get(exports.APPSTORE_LISTING_CONFIG_KEY);
 if (value === null) return gDefaults[exports.APPSTORE_LISTING_CONFIG_KEY];
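Review bot: `getReverseProxyConfig` returns the stored JSON as-is, so a stored object that lacks the `ocsp` key yields `config.ocsp === undefined`, and `isOcspEnabled` in reverseproxy.js then silently disables OCSP instead of applying the `ocsp: true` default added to `gDefaults` in this same commit. Overlaying the stored value on the defaults would make missing keys fall back rather than fail closed: `return { ...gDefaults[exports.REVERSE_PROXY_CONFIG_KEY], ...JSON.parse(value) };`. The sibling getter `getAppstoreListingConfig` visible below uses the same no-merge shape, so this may be a deliberate convention; if so, a one-line JSDoc stating that stored keys are not defaulted would help, since the "no setter yet" comment means nothing validates the stored shape today.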
@@ -674,7 +686,7 @@ async function list() {
 result[exports.DEMO_KEY] = !!result[exports.DEMO_KEY];
 
 // convert JSON objects
- [exports.BACKUP_CONFIG_KEY, exports.DIRECTORY_CONFIG_KEY, exports.SERVICES_CONFIG_KEY, exports.EXTERNAL_LDAP_KEY, exports.REGISTRY_CONFIG_KEY, exports.SYSINFO_CONFIG_KEY ].forEach(function (key) {
+ [exports.BACKUP_CONFIG_KEY, exports.DIRECTORY_CONFIG_KEY, exports.SERVICES_CONFIG_KEY, exports.EXTERNAL_LDAP_KEY, exports.REGISTRY_CONFIG_KEY, exports.SYSINFO_CONFIG_KEY, exports.REVERSE_PROXY_CONFIG_KEY ].forEach(function (key) {
 result[key] = typeof result[key] === 'object' ? result[key] : safe.JSON.parse(result[key]);
 });