How to enable OCSP stapling when default server is self-signed?

Maxim Dounin mdounin at
Tue Apr 7 13:23:22 UTC 2015


On Tue, Apr 07, 2015 at 12:26:23AM -0400, bughunter wrote:


> > > So how do I enable OCSP stapling for my vhosts when the default
> > server cert
> > > is self-signed?  This seems like a potential bug in the nginx SSL
> > module.
> > 
> > Just enable ssl_stapling in appropriate server{} blocks.
> As far as I can tell, I'm already doing that:

The configuration you are testing with seems to be 
overcomplicated.  Nevertheless, it should work assuming correct 
certificates are supplied and OCSP responder works fine.  What 
makes you think that it doesn't work?

Maxim Dounin

More information about the nginx mailing list