<div dir="ltr">I'm also seeing this, in nginx 1.8.0. I have several vhosts using SSL, but only one using OCSP stapling. If I disable all the other servers using SSL then OCSP stapling works. If this is by design then it should be mentioned on the documentation page for the SSL module[0].<div><br></div><div>Regards,<br><div><br></div><div>Alan</div><div><br></div><div>[0] <a href="http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling">http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling</a></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Aug 23, 2015 at 11:29 PM, <span dir="ltr"><<a href="mailto:fsantiago@deviltracks.net" target="_blank">fsantiago@deviltracks.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Update;<br>
<br>
it all works now. once i enabled ocsp stapling for ALL of my virtual domains, they then all began reporting correct results.<br>
<br>
- fabe<div class="HOEnZb"><div class="h5"><br>
<br>
<br>
<br>
On 2015-08-23 09:55, Fabian Santiago wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Thanks.<br>
<br>
It does.<br>
<br>
Test produces no results.<br>
<br>
Not working on ssllabs (no result).<br>
<br>
I'm clueless. I've seen mention out on the web about making sure you<br>
define ocsp for the default site or none else will work. I also make<br>
use of sni as I only have one ip address.<br>
<br>
I have no truly "default" site configured.<br>
<br>
Could be related? I am new to nginx so I'm still learning lots. Thanks again.<br>
<br>
--<br>
<br>
Fabe<br>
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On Aug 23, 2015, at 4:00 AM, biazus <<a href="mailto:nginx-forum@nginx.us" target="_blank">nginx-forum@nginx.us</a>> wrote:<br>
<br>
Config files seems to be OK. Just make sure "ssl_trusted_certificate"<br>
contais the intermediate & root certificates (in that order from top to<br>
bottom).<br>
<br>
You can test with the following command:<br>
<br>
echo QUIT | openssl s_client -connect <a href="http://yourhost.com:443" rel="noreferrer" target="_blank">yourhost.com:443</a> -status 2> /dev/null<br>
| grep -A 17 'OCSP response:' | grep -B 17 'Next Update'<br>
<br>
good luck<br>
<br>
Posted at Nginx Forum: <a href="http://forum.nginx.org/read.php?2,261177,261185#msg-261185" rel="noreferrer" target="_blank">http://forum.nginx.org/read.php?2,261177,261185#msg-261185</a><br>
<br>
_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org" target="_blank">nginx@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx</a><br>
</blockquote>
<br>
_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org" target="_blank">nginx@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx</a><br>
</blockquote>
<br>
_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org" target="_blank">nginx@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr">Alan Orth<br><a href="mailto:alan.orth@gmail.com" target="_blank">alan.orth@gmail.com</a><br><a href="https://alaninkenya.org" target="_blank">https://alaninkenya.org</a><br><a href="https://mjanja.ch" target="_blank">https://mjanja.ch</a><br>"In heaven all the interesting people are missing." -Friedrich Nietzsche<div>GPG public key ID: 0x8cb0d0acb5cd81ec209c6cdfbd1a0e09c2f836c0<br></div></div></div>
</div>