OCSP stapling and resolver
mdounin at mdounin.ru
Tue Sep 26 13:20:40 UTC 2017
On Tue, Sep 26, 2017 at 03:48:57AM +0200, Grzegorz Kulewski wrote:
> Is resolver in nginx still needed for OCSP stapling?
> I am getting a warning from nginx if resolver is not supplied
> but at the same time both Qualys and openssl s_client output
> suggest OCSP stapling is working. Strange.
The warning means that nginx will use IP addresses of the OCSP
responder obtained during configuration parsing, and it won't be
able to switch to different IP addresses. That is, everything
will work unless OCSP responder will be moved to different IP
More information about the nginx