OCSP stapling and resolver
A. Schulze
sca at andreasschulze.de
Tue Sep 26 07:23:59 UTC 2017
Grzegorz Kulewski:
> Hello,
>
> Is resolver in nginx still needed for OCSP stapling?
>
> I am getting a warning from nginx if resolver is not supplied but at
> the same time both Qualys and openssl s_client output suggest OCSP
> stapling is working. Strange
There are two options
- let nginx fetch the ocsp response from ca server
- fetch offline and point nginx via ssl_stapling_file to the data
1 require a resolver and serve the first response after restart
without ocsp data
2 require a resolver outside nginx (but not inside), some scripting
and deliver oscp data also at the first response
>
> --
> Grzegorz Kulewski
> gk at leniwiec.biz
> +48 663 92 88 95
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
More information about the nginx
mailing list