There is a newer OCSP response but was not provided by the server
173279834462
nginx-forum at nginx.us
Wed Sep 23 18:22:17 UTC 2015
The files are correct as they are:
ssl_trusted_certificate includes the intermediate and the root ca,
ssl_certificate includes the server's own and the intermediate.
The error was ... in a missing ssl_trusted_certificate directive in one of
the server clauses. A human error, undetected by nginx. To prevent
such errors from happening, considering the complexity of certain
configurations and the possibility of human error, it would be very
useful to have a static check from nginx, at startup.
Moving forward, server is up and running with
> ssl_stapling on;
> ssl_stapling_verify on;
and no ssl_stapling_file.
The last problem standing is ...
the priming of the cache for each worker process.
When nginx starts, it should prime all of its worker processes.
Both the above recomendations are now in the wish list.
Thank you for the exchange. I hope it will be useful to others.
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,261716,261790#msg-261790
More information about the nginx
mailing list