OCSP_basic_verify() failed

Maxim Dounin mdounin at mdounin.ru
Wed Jan 9 09:46:40 UTC 2013


Hello!

On Wed, Jan 09, 2013 at 04:27:12AM -0500, philipp wrote:

> I tried nginx 1.3.10 with ocsp stapling... but I get this error:
> 
> 2013/01/09 09:14:52 [error] 27663#0: OCSP_basic_verify() failed (SSL:
> error:27069065:OCSP routines:OCSP_basic_verify:certificate verify
> error:Verify error:unable to get local issuer certificate) while requesting
> certificate status, responder: ocsp.startssl.com
> 
> my config looks lile this
> 
> server {
>     listen [::]:443 ssl spdy;
> 
>     ssl on;
>     ssl_certificate      /etc/ssl/private/www.hellmi.de.pem;
>     ssl_certificate_key      /etc/ssl/private/www.hellmi.de.key;
> 
>     ## OCSP Stapling
>     resolver 127.0.0.1;
>     ssl_stapling on;
>     ssl_stapling_verify on;
> 
>     server_name  www.hellmi.de;
> 
>    ...
> }

http://nginx.org/r/ssl_stapling_verify

Quote:

For verification to work, the certificate of the issuer of the 
server certificate, the root certificate, and all intermediate 
certificates should be configured as trusted using the 
ssl_trusted_certificate directive.


-- 
Maxim Dounin
http://nginx.com/support.html



More information about the nginx mailing list