OCSP_basic_verify() failed
Maxim Dounin
mdounin at mdounin.ru
Wed Jan 9 09:46:40 UTC 2013
Hello!
On Wed, Jan 09, 2013 at 04:27:12AM -0500, philipp wrote:
> I tried nginx 1.3.10 with ocsp stapling... but I get this error:
>
> 2013/01/09 09:14:52 [error] 27663#0: OCSP_basic_verify() failed (SSL:
> error:27069065:OCSP routines:OCSP_basic_verify:certificate verify
> error:Verify error:unable to get local issuer certificate) while requesting
> certificate status, responder: ocsp.startssl.com
>
> my config looks lile this
>
> server {
> listen [::]:443 ssl spdy;
>
> ssl on;
> ssl_certificate /etc/ssl/private/www.hellmi.de.pem;
> ssl_certificate_key /etc/ssl/private/www.hellmi.de.key;
>
> ## OCSP Stapling
> resolver 127.0.0.1;
> ssl_stapling on;
> ssl_stapling_verify on;
>
> server_name www.hellmi.de;
>
> ...
> }
http://nginx.org/r/ssl_stapling_verify
Quote:
For verification to work, the certificate of the issuer of the
server certificate, the root certificate, and all intermediate
certificates should be configured as trusted using the
ssl_trusted_certificate directive.
--
Maxim Dounin
http://nginx.com/support.html
More information about the nginx
mailing list