SSL Stapling is working fine for me with just one line:
    ssl_stapling on;
The SSL Labs Server Test shows that it is working.
Then I found ssl_stapling_verify in the nginx docs. I know what it is supposed to do, but I don't know if it is doing anything. Below is my configuration; as you can see, I am using a StartCom certificate.
    ssl_stapling on;
    ssl_trusted_certificate /etc/ssl/startcom.bundle.ca.pem;
    ssl_stapling_verify on;
I don't get any errors and it seems to be working. Then I tried changing the ssl_trusted_certificate to something different and was expecting errors from nginx each time it would get a new OCSP response from the StartCom server and try to verify it. But as long as I give nginx a valid certificate (not from StartCom) in ssl_trusted_certificate, I don't get any errors.
So my question is: How do I know that ssl_stapling_verify is actually working?