There is a newer OCSP response but was not provided by the server
173279834462
nginx-forum at nginx.us
Tue Sep 22 09:33:57 UTC 2015
Hello,
nginx is not updating the OCSP response cache.
openssl says:
[...]
Cert Status: good
This Update: Sep 9 09:59:46 2015 GMT
Next Update: Sep 11 09:59:46 2015 GMT
gnutls says "There is a newer OCSP response but was not provided by the
server".
The configuration says:
[...]
ssl_stapling on;
ssl_stapling_verify on;
ssl_stapling_file [...]/ssl/ocsp-response.der;
[...]
How do you enforce automatic update of the OCSP response cache?
Some server's "next update" occurs at a later date than 48h.
How do you enfoce, say, a 6days next update?
Thank you for your time.
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,261716,261716#msg-261716
More information about the nginx
mailing list