How to enable OCSP stapling when default server is self-signed?
bughunter
nginx-forum at nginx.us
Sat May 2 03:06:01 UTC 2015
Finally had some time to construct an extremely basic server configuration
with a default HTTP and HTTPS server and test it. I'm working on a
production server, so there are quite a few requests every second and
therefore the downtime had to be scheduled into a tiny window of
opportunity. I also temporarily compiled and enabled a debug build for a
few minutes (the log file went nuts). I had ssl_stapling on and no
verification. There was still no OCSP stapling response data or anything
related to OCSP in the debug logs.

Based on numroo's earlier response and since I was also able to fiddle
around with the config in production, I decided to temporarily disable the
default SSL server with the self-signed cert. After reloading the config,
bam! Instantly OCSP stapling started working as expected (even with
verification turned on). Re-enabling the default SSL server with the
self-signed cert caused OCSP to stop working again.
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,257833,258571#msg-258571
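
A client-side check for the staple, one SNI name at a time, so the effect of disabling and re-enabling the default server can be observed without a debug build. This is an added example, not part of the original post; the function names, the retry count and the sample outputs are constructed for illustration, and `www.example.com` is a placeholder.

```shell
#!/bin/sh
# Classify `openssl s_client -status` output read on stdin.
# Prints "stapled:<cert status>", "not-stapled" or "unknown".
classify_staple() {
    awk '
        /OCSP response: no response sent/  { r = "not-stapled" }
        /OCSP Response Status: successful/ { r = "stapled" }
        /Cert Status:/ { sub(/^.*Cert Status: */, ""); s = $0 }
        END {
            if (r == "stapled") print r ":" s
            else print (r == "" ? "unknown" : r)
        }'
}

# Handshake with one SNI name; retry, because nginx fetches the OCSP
# response lazily and the first handshakes after a reload may carry none.
# Arguments: host port sni_name [tries]
check_staple() {
    host=$1; port=$2; name=$3; tries=${4:-3}
    while [ "$tries" -gt 0 ]; do
        result=$(openssl s_client -connect "$host:$port" -servername "$name" \
                     -status </dev/null 2>/dev/null | classify_staple)
        case $result in stapled:*) break ;; esac
        tries=$((tries - 1))
        if [ "$tries" -gt 0 ]; then sleep 1; fi
    done
    printf '%s\t%s\n' "$name" "$result"
}

# Constructed samples of the relevant s_client output lines (not captured
# from the poster's server).
SAMPLE_NO_STAPLE='CONNECTED(00000003)
OCSP response: no response sent
---'
SAMPLE_STAPLED='CONNECTED(00000003)
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Cert Status: good
======================================
---'

# Usage against a live server (placeholder name):
#   check_staple www.example.com 443 www.example.com
```

Run it for each virtual host name before and after changing the default server block and compare the results.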