How to enable OCSP stapling when default server is self-signed?

Maxim Dounin mdounin at mdounin.ru
Tue Apr 7 13:23:22 UTC 2015


Hello!

On Tue, Apr 07, 2015 at 12:26:23AM -0400, bughunter wrote:

[...]

> > > So how do I enable OCSP stapling for my vhosts when the default
> > server cert
> > > is self-signed?  This seems like a potential bug in the nginx SSL
> > module.
> > 
> > Just enable ssl_stapling in appropriate server{} blocks.
> 
> As far as I can tell, I'm already doing that:
> 
> http://pastebin.com/Ymb5hxDP

The configuration you are testing with seems to be 
overcomplicated.  Nevertheless, it should work assuming correct 
certificates are supplied and OCSP responder works fine.  What 
makes you think that it doesn't work?

-- 
Maxim Dounin
http://nginx.org/



More information about the nginx mailing list