How to enable OCSP stapling when default server is self-signed?

numroo nginx-forum at nginx.us
Sun Apr 12 16:21:19 UTC 2015


>> Yes, I ran the s_client command multiple times to account for the nginx
>> responder delay. I was testing OCSP stapling on just one of my domains.
>> Then I read that the 'default_server' SSL server also has to have OCSP
>> stapling enabled for vhost OCSP stapling to work:
>>
>> https://gist.github.com/konklone/6532544
>
>There is no such requirement.

I have the same problem here.

openssl s_client -servername ${WEBSITE} -connect ${WEBSITE}:443 -tls1 -tlsextdebug -status | grep OCSP

It always returns the following on all virtual hosts, no matter how many
times I try:
OCSP response: no response sent

But as soon as I disable my self-signed default host and restart Nginx, I
get a successful response on the second request on all CA-signed hosts:
OCSP Response Status: successful (0x0)

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,257833,257974#msg-257974


