OCSP stapling and resolver

A. Schulze sca at andreasschulze.de
Tue Sep 26 07:23:59 UTC 2017

Grzegorz Kulewski:

> Hello,
> Is resolver in nginx still needed for OCSP stapling?
> I am getting a warning from nginx if resolver is not supplied but at  
> the same time both Qualys and openssl s_client output suggest OCSP  
> stapling is working. Strange

There are two options

- let nginx fetch the ocsp response from ca server
- fetch offline and point nginx via ssl_stapling_file to the data

1 require a resolver and serve the first response after restart  
without ocsp data
2 require a resolver outside nginx (but not inside), some scripting  
and deliver oscp data also at the first response

> --
> Grzegorz Kulewski
> gk at leniwiec.biz
> +48 663 92 88 95
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx

More information about the nginx mailing list