SSL OCSP stapling won't enable

Steve Wilson lists-nginx at swsystem.co.uk
Sun Dec 15 01:37:38 UTC 2013


I'm using startssl for my certificates so had problems with the
ssl_trusted_certificate too.

just using resolver and ssl_stapling on got mine enabled.

<https://www.ssllabs.com/ssltest/analyze.html?d=stevewilson.co.uk>

Using openssl on the console's helpful too:

openssl s_client -connect www.stevewilson.co.uk:443 \
 -tls1 -tlsextdebug -status < /dev/null| grep OCSP

Not working yet gives "OCSP response: no response sent"

give it time to gather the data and it then gives response data.

Steve.

On 14/12/2013 20:12, MacLemon wrote:
> Only when I set `ssl_stapling_verify off;`I can get OCSP stapling to work on my setup. In my experience helps to (re)load the page a few times before testing with SSLLabs to give the server time to fetch the OCSP response.
> 
> Best regards
> MacLemon
> 
> On 14.12.2013, at 08:06, justin <nginx-forum at nginx.us> wrote:
>> According to ssllabs.com SSL OCSP stapling is not enabled, even though I
>> have the following in my http block:
>>
>>  ssl_stapling on;
>>  ssl_stapling_verify on;
>>  ssl_trusted_certificate /etc/pki/tls/certs/ca-bundle.trust.crt;
>>  resolver 8.8.4.4 8.8.8.8 valid=600s;
>>  resolver_timeout 15s;
>>
>> Any idea why? Here is my full ssllabs.com report:
>> https://www.ssllabs.com/ssltest/analyze.html?d=commando.io
> 
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
> 



More information about the nginx mailing list