I am able to create a valid stapling file using openssl, and it works perfectly with nginx ssl_stapling_file.
However, if I turn off the file, leave ssl_stapling on and add a resolver, it does not work.
Outbound port 53/80/443 works fine on the server.
Note that I have to add a HOST header to the openssl command line, and this may be where nginx is failing to fetch what it needs? It may be a limitation of the remote server using virtual hosts and needing to know which host to connect to?
openssl ocsp -noverify -text -no_nonce \
-issuer level1.crt -CAfile CAbundle.crt -cert level0.crt -VAfile level1.crt \
-respout domain.staple \
-header "HOST" "ocsp.startssl.com" \
-url http://ocsp.startssl.com/sub/class1/server/ca
Without HOST, even openssl cannot make the stapling file.
If it matters, this is with Nginx 1.4.2, not trunk.
Thanks for any ideas.
Edited 1 time(s). Last edit at 09/16/2013 03:17PM by _ck_.