Welcome! Log In Create A New Profile

Re: There is a newer OCSP response but was not provided by the server

Forum List Message List New Topic Print View

173279834462

September 23, 2015 02:22PM

Registered: 9 years ago
Posts: 37

The files are correct as they are:
ssl_trusted_certificate includes the intermediate and the root ca,
ssl_certificate includes the server's own and the intermediate.

The error was ... in a missing ssl_trusted_certificate directive in one of
the server clauses. A human error, undetected by nginx. To prevent
such errors from happening, considering the complexity of certain
configurations and the possibility of human error, it would be very
useful to have a static check from nginx, at startup.

Moving forward, server is up and running with

> ssl_stapling on;
> ssl_stapling_verify on;

and no ssl_stapling_file.

The last problem standing is ...
the priming of the cache for each worker process.

When nginx starts, it should prime all of its worker processes.

Both the above recomendations are now in the wish list.

Thank you for the exchange. I hope it will be useful to others.

Reply Quote

RSS

Subject	Author	Posted
There is a newer OCSP response but was not provided by the server	173279834462	September 22, 2015 05:33AM
Re: There is a newer OCSP response but was not provided by the server	Maxim Dounin	September 22, 2015 09:02AM
Re: There is a newer OCSP response but was not provided by the server	173279834462	September 22, 2015 05:21PM
Re: There is a newer OCSP response but was not provided by the server	Maxim Dounin	September 23, 2015 08:34AM
Re: There is a newer OCSP response but was not provided by the server	173279834462	September 23, 2015 09:42AM
Re: There is a newer OCSP response but was not provided by the server	itpp2012	September 23, 2015 11:29AM
Re: There is a newer OCSP response but was not provided by the server	Maxim Dounin	September 23, 2015 10:50AM
Re: There is a newer OCSP response but was not provided by the server	173279834462	September 23, 2015 11:39AM
Re: There is a newer OCSP response but was not provided by the server	Maxim Dounin	September 23, 2015 12:18PM
Re: There is a newer OCSP response but was not provided by the server	173279834462	September 23, 2015 12:53PM
Re: There is a newer OCSP response but was not provided by the server	Maxim Dounin	September 23, 2015 01:22PM
Re: There is a newer OCSP response but was not provided by the server	173279834462	September 23, 2015 01:33PM
Re: There is a newer OCSP response but was not provided by the server	173279834462	September 23, 2015 01:35PM
Re: There is a newer OCSP response but was not provided by the server	173279834462	September 23, 2015 01:39PM
Re: There is a newer OCSP response but was not provided by the server	173279834462	September 23, 2015 01:41PM
Re: There is a newer OCSP response but was not provided by the server	173279834462	September 23, 2015 02:22PM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 204

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018