How to check nginx OCSP verification

Alt nginx-forum at
Tue Mar 1 16:33:11 UTC 2016


You can check with this command found on this website:
openssl s_client -connect -tls1  -tlsextdebug  -status

If everything goes well, you should find something like:
"OCSP response:
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response

If there's no stapling, you'll get:
"OCSP response: no response sent".

Please note: when you restart nginx, you won't get an OCSP answer
immediatly. You'll have to visit the URL and wait a few seconds before
having the stapling working for the next request. IIRC, this behavior is
because OCSP servers may be slow to answer.

Best Regards

Posted at Nginx Forum:,264967,264977#msg-264977

More information about the nginx mailing list