Ocsp stapling

Alan Orth alan.orth at gmail.com
Fri Oct 2 17:35:17 UTC 2015


I'm also seeing this, in nginx 1.8.0. I have several vhosts using SSL, but
only one using OCSP stapling. If I disable all the other servers using SSL
then OCSP stapling works. If this is by design then it should be mentioned
on the documentation page for the SSL module[0].

Regards,

Alan

[0] http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling

On Sun, Aug 23, 2015 at 11:29 PM, <fsantiago at deviltracks.net> wrote:

> Update;
>
> it all works now. once i enabled ocsp stapling for ALL of my virtual
> domains, they then all began reporting correct results.
>
> - fabe
>
>
>
>
> On 2015-08-23 09:55, Fabian Santiago wrote:
>
>> Thanks.
>>
>> It does.
>>
>> Test produces no results.
>>
>> Not working on ssllabs (no result).
>>
>> I'm clueless. I've seen mention out on the web about making sure you
>> define ocsp for the default site or none else will work. I also make
>> use of sni as I only have one ip address.
>>
>> I have no truly "default" site configured.
>>
>> Could be related? I am new to nginx so I'm still learning lots. Thanks
>> again.
>>
>> --
>>
>> Fabe
>>
>>
>> On Aug 23, 2015, at 4:00 AM, biazus <nginx-forum at nginx.us> wrote:
>>>
>>> Config files seems to be OK. Just make sure "ssl_trusted_certificate"
>>> contais the intermediate & root certificates (in that order from top to
>>> bottom).
>>>
>>> You can test with the following command:
>>>
>>> echo QUIT | openssl s_client -connect yourhost.com:443 -status 2>
>>> /dev/null
>>> | grep -A 17 'OCSP response:' | grep -B 17 'Next Update'
>>>
>>> good luck
>>>
>>> Posted at Nginx Forum:
>>> http://forum.nginx.org/read.php?2,261177,261185#msg-261185
>>>
>>> _______________________________________________
>>> nginx mailing list
>>> nginx at nginx.org
>>> http://mailman.nginx.org/mailman/listinfo/nginx
>>>
>>
>> _______________________________________________
>> nginx mailing list
>> nginx at nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>



-- 
Alan Orth
alan.orth at gmail.com
https://alaninkenya.org
https://mjanja.ch
"In heaven all the interesting people are missing." -Friedrich Nietzsche
GPG public key ID: 0x8cb0d0acb5cd81ec209c6cdfbd1a0e09c2f836c0
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20151002/66b27cda/attachment.html>


More information about the nginx mailing list