How to check nginx OCSP verification
Alt
nginx-forum at forum.nginx.org
Tue Mar 1 16:33:11 UTC 2016
Hello,
You can check with this command found on this website:
https://unmitigatedrisk.com/?p=100
openssl s_client -connect login.live.com:443 -tls1 -tlsextdebug -status
If everything goes well, you should find something like:
"OCSP response:
======================================
OCSP Response Data:
OCSP Response Status: successful (0x0)
Response Type: Basic OCSP Response
..."
If there's no stapling, you'll get:
"OCSP response: no response sent".
Please note: when you restart nginx, you won't get an OCSP answer
immediatly. You'll have to visit the URL and wait a few seconds before
having the stapling working for the next request. IIRC, this behavior is
because OCSP servers may be slow to answer.
Best Regards
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,264967,264977#msg-264977
More information about the nginx
mailing list