Welcome! Log In Create A New Profile

Advanced

Nginx OCSP ssl stapling file works but normal stapling with resolver does not?

Posted by _ck_ 
Nginx OCSP ssl stapling file works but normal stapling with resolver does not?
September 16, 2013 03:17PM
I am able to create a valid stapling file using openssl and it works perfectly with nginx ssl_stapling_file

However if I turn off the file and leave ssl_stapling on and add a resolver it does not work

Outbound port 53/80/443 works fine on the server.

Note that I have to add a HOST header to openssl command line, and this may be where nginx is failing to fetch what it needs? It may be a limitation of the remote server using virtual hosts and needs to know which host to connect?


openssl ocsp -noverify -text -no_nonce \
-issuer level1.crt -CAfile CAbundle.crt -cert level0.crt -VAfile level1.crt \
-respout domain.staple \
-header "HOST" "ocsp.startssl.com" \
-url http://ocsp.startssl.com/sub/class1/server/ca


Without HOST even openssl cannot make the stapling file.

If it matters, this is with Nginx 1.4.2 not trunk

Thanks for any ideas.



Edited 1 time(s). Last edit at 09/16/2013 03:17PM by _ck_.
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 109
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready