How to enable OCSP stapling when default server is self-signed?

bughunter nginx-forum at
Sat May 2 03:06:01 UTC 2015

Finally had some time to construct an extremely basic server configuration
with a default HTTP and HTTPS server and test it.  I'm working on a
production server, so there are quite a few requests every second and
therefore the downtime had to be scheduled into a tiny window of
opportunity.  I also temporarily compiled and enabled a debug build for a
few minutes (the log file went nuts).  I had ssl_stapling on and no
verification.  There was still no OCSP stapling response data or anything
related to OCSP in the debug logs.

Based on numroo's earlier response and since I was also able to fiddle
around with the config in production, I decided to temporarly disable the
default SSL server with the self-signed cert.  After reloading the config,
bam!  Instantly OCSP stapling started working as expected (even with
verification turned on).  Re-enabling the default SSL server with the
self-signed cert caused OCSP to stop working again.

Posted at Nginx Forum:,257833,258571#msg-258571

More information about the nginx mailing list