diff --git a/include/haproxy/ssl_ckch-t.h b/include/haproxy/ssl_ckch-t.h
index eba0b1a36..b6cd6935d 100644
--- a/include/haproxy/ssl_ckch-t.h
+++ b/include/haproxy/ssl_ckch-t.h
@@ -55,6 +55,7 @@ struct ckch_data {
 struct buffer *ocsp_response;
 X509 *ocsp_issuer;
 OCSP_CERTID *ocsp_cid;
+ int ocsp_update_mode;
 };
 
 /*
diff --git a/src/ssl_crtlist.c b/src/ssl_crtlist.c
index c532c01f6..c1b27f494 100644
--- a/src/ssl_crtlist.c
+++ b/src/ssl_crtlist.c
@@ -563,6 +563,8 @@ int crtlist_parse_file(char *file, struct bind_conf *bind_conf, struct proxy *cu
 entry->node.key = ckchs;
 entry->crtlist = newlist;
+ if (entry->ssl_conf)
+ ckchs->data->ocsp_update_mode = entry->ssl_conf->ocsp_update;
 ebpt_insert(&newlist->entries, &entry->node);
 LIST_APPEND(&newlist->ord_entries, &entry->by_crtlist);
 LIST_APPEND(&ckchs->crtlist_entry, &entry->by_ckch_store);
@@ -611,6 +613,14 @@ int crtlist_parse_file(char *file, struct bind_conf *bind_conf, struct proxy *cu
 entry_dup->node.key = ckchs;
 entry_dup->crtlist = newlist;
+ if (entry->ssl_conf) {
+ if (ckchs->data->ocsp_update_mode != SSL_SOCK_OCSP_UPDATE_DFLT &&
+ ckchs->data->ocsp_update_mode != entry->ssl_conf->ocsp_update) {
+ memprintf(err, "%sIncompatibilities found in OCSP update mode for certificate %s\n", err && *err ? *err : "", crt_path);
+ cfgerr |= ERR_ALERT;
+ }
+ ckchs->data->ocsp_update_mode = entry->ssl_conf->ocsp_update;
+ }
 ebpt_insert(&newlist->entries, &entry_dup->node);
 LIST_APPEND(&newlist->ord_entries, &entry_dup->by_crtlist);
 LIST_APPEND(&ckchs->crtlist_entry, &entry_dup->by_ckch_store);
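Review bot: The new `ocsp_update_mode` member of struct ckch_data carries no comment, and the checks added in src/ssl_crtlist.c give it a specific contract: SSL_SOCK_OCSP_UPDATE_DFLT means "no crt-list entry has set a mode yet", any other value is a mode that later entries must agree with. A one-line comment would make that explicit, e.g. `int ocsp_update_mode; /* OCSP update mode taken from crt-list ssl_conf; SSL_SOCK_OCSP_UPDATE_DFLT until an entry sets it */`. That contract also means every place that allocates a ckch_data must leave the field equal to SSL_SOCK_OCSP_UPDATE_DFLT; if the allocator zero-fills and that constant is not 0, the conflict check would misfire — the allocation path is not in this diff, so worth confirming.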
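Review bot: The assignment added after `entry->crtlist = newlist;` in the first src/ssl_crtlist.c hunk stores the mode without the conflict check the two later hunks perform, which is only correct because this branch handles a store that was just loaded and so cannot already carry another entry's mode. That reasoning is not visible at the call site; a comment such as `/* freshly loaded store: no earlier entry's mode to conflict with */` above the `if` would document it, and it depends on ckchs_load_cert_file() leaving `ocsp_update_mode` at SSL_SOCK_OCSP_UPDATE_DFLT, which is not shown here. crtlist_parse_file starts and ends outside the hunk.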
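Review bot: The eight-line conflict-check block added after `entry_dup->crtlist = newlist;` is repeated verbatim in the next hunk (@@ -634), differing only in using `entry->ssl_conf` against `entry_dup` here, which reads as if the dup is assumed to share `entry`'s ssl_conf; if that is guaranteed a short comment should say so. Two copies of a check that decides whether an alert is raised are easy to let drift apart, so I would pull it into one static helper placed before crtlist_parse_file and have both sites call `cfgerr |= crtlist_set_ocsp_update_mode(ckchs, entry->ssl_conf, crt_path, err);`. The helper keeps the current semantics, including the error text and storing the new mode even after a conflict. crtlist_parse_file starts and ends outside the hunk.
```c
/* Store <conf>'s OCSP update mode on <ckchs>, reporting an incompatibility
 * when another crt-list entry already set a different, non-default mode for
 * the same certificate. Does nothing when <conf> is NULL. Returns ERR_ALERT
 * on conflict and 0 otherwise; the new mode is stored in both cases.
 */
static int crtlist_set_ocsp_update_mode(struct ckch_store *ckchs, const struct ssl_bind_conf *conf,
                                        const char *crt_path, char **err)
{
	int ret = 0;

	if (!conf)
		return 0;

	if (ckchs->data->ocsp_update_mode != SSL_SOCK_OCSP_UPDATE_DFLT &&
	    ckchs->data->ocsp_update_mode != conf->ocsp_update) {
		memprintf(err, "%sIncompatibilities found in OCSP update mode for certificate %s\n", err && *err ? *err : "", crt_path);
		ret = ERR_ALERT;
	}
	ckchs->data->ocsp_update_mode = conf->ocsp_update;
	return ret;
}

/* … unchanged: crtlist_parse_file up to the entry_dup registration … */
		entry_dup->crtlist = newlist;
		cfgerr |= crtlist_set_ocsp_update_mode(ckchs, entry->ssl_conf, crt_path, err);
		ebpt_insert(&newlist->entries, &entry_dup->node);
/* … unchanged: remaining list insertions … */
```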
@@ -634,6 +644,14 @@ int crtlist_parse_file(char *file, struct bind_conf *bind_conf, struct proxy *cu
 } else {
 entry->node.key = ckchs;
 entry->crtlist = newlist;
+ if (entry->ssl_conf) {
+ if (ckchs->data->ocsp_update_mode != SSL_SOCK_OCSP_UPDATE_DFLT &&
+ ckchs->data->ocsp_update_mode != entry->ssl_conf->ocsp_update) {
+ memprintf(err, "%sIncompatibilities found in OCSP update mode for certificate %s\n", err && *err ? *err : "", crt_path);
+ cfgerr |= ERR_ALERT;
+ }
+ ckchs->data->ocsp_update_mode = entry->ssl_conf->ocsp_update;
+ }
 ebpt_insert(&newlist->entries, &entry->node);
 LIST_APPEND(&newlist->ord_entries, &entry->by_crtlist);
 LIST_APPEND(&ckchs->crtlist_entry, &entry->by_ckch_store);
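Review bot: After a conflict is reported, the line `ckchs->data->ocsp_update_mode = entry->ssl_conf->ocsp_update;` still runs, and the error is raised as ERR_ALERT rather than ERR_ALERT | ERR_FATAL, so if the configuration goes on to load the effective OCSP update mode for that certificate is simply whichever crt-list entry came last. The same applies to the identical block in the previous hunk (@@ -611). If that last-wins behaviour on a non-fatal alert is intended, a comment stating it would help; otherwise keep the earlier mode by moving the assignment into an `else` of the conflict check, or escalate the error so the inconsistent configuration is rejected. crtlist_parse_file starts and ends outside the hunk.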