How to enable OCSP stapling when default server is self-signed?
Maxim Dounin
mdounin at mdounin.ru
Tue Apr 7 13:23:22 UTC 2015
Hello!
On Tue, Apr 07, 2015 at 12:26:23AM -0400, bughunter wrote:
[...]
> > > So how do I enable OCSP stapling for my vhosts when the default
> > server cert
> > > is self-signed? This seems like a potential bug in the nginx SSL
> > module.
> >
> > Just enable ssl_stapling in appropriate server{} blocks.
>
> As far as I can tell, I'm already doing that:
>
> http://pastebin.com/Ymb5hxDP
The configuration you are testing with seems to be
overcomplicated. Nevertheless, it should work assuming correct
certificates are supplied and OCSP responder works fine. What
makes you think that it doesn't work?
--
Maxim Dounin
http://nginx.org/
More information about the nginx
mailing list