There is a newer OCSP response but was not provided by the server
Maxim Dounin
mdounin at mdounin.ru
Wed Sep 23 17:21:36 UTC 2015
Hello!
On Wed, Sep 23, 2015 at 12:53:19PM -0400, 173279834462 wrote:
> I see this:
>
> ==> stderr.log <==
> 2015/09/23 18:33:00 [error] 41509#0: OCSP_basic_verify() failed (SSL:
> error:27069065:OCSP routines:OCSP_basic_verify:certificate verify
> error:Verify error:unable to get local issuer certificate) while requesting
> certificate status, responder: ocsp.startssl.com
So this confirms my guess: you've enabled OCSP response
verification but failed to provide appropriate certificates for
the verification to succeed.
Simpliest solution would be to switch off OCSP response
verification.
Alternatively, provide appropriate certificates via the
ssl_trusted_certificate directive, see
http://nginx.org/r/ssl_stapling_verify for details.
--
Maxim Dounin
http://nginx.org/
More information about the nginx
mailing list