Welcome! Log In Create A New Profile

Advanced

Re: SSL OCSP stapling won't enable

Steve Wilson
December 14, 2013 08:38PM
I'm using startssl for my certificates so had problems with the
ssl_trusted_certificate too.

just using resolver and ssl_stapling on got mine enabled.

https://www.ssllabs.com/ssltest/analyze.html?d=stevewilson.co.uk

Using openssl on the console's helpful too:

openssl s_client -connect www.stevewilson.co.uk:443 \
-tls1 -tlsextdebug -status < /dev/null| grep OCSP

Not working yet gives "OCSP response: no response sent"

give it time to gather the data and it then gives response data.

Steve.

On 14/12/2013 20:12, MacLemon wrote:
> Only when I set `ssl_stapling_verify off;`I can get OCSP stapling to work on my setup. In my experience helps to (re)load the page a few times before testing with SSLLabs to give the server time to fetch the OCSP response.
>
> Best regards
> MacLemon
>
> On 14.12.2013, at 08:06, justin <nginx-forum@nginx.us> wrote:
>> According to ssllabs.com SSL OCSP stapling is not enabled, even though I
>> have the following in my http block:
>>
>> ssl_stapling on;
>> ssl_stapling_verify on;
>> ssl_trusted_certificate /etc/pki/tls/certs/ca-bundle.trust.crt;
>> resolver 8.8.4.4 8.8.8.8 valid=600s;
>> resolver_timeout 15s;
>>
>> Any idea why? Here is my full ssllabs.com report:
>> https://www.ssllabs.com/ssltest/analyze.html?d=commando.io
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

SSL OCSP stapling won't enable

Anonymous User December 14, 2013 02:06AM

Re: SSL OCSP stapling won't enable

MacLemon December 14, 2013 03:14PM

Re: SSL OCSP stapling won't enable

Steve Wilson December 14, 2013 08:38PM

Re: SSL OCSP stapling won't enable

Anonymous User December 15, 2013 08:43PM

Re: SSL OCSP stapling won't enable

djlarsu December 16, 2013 11:13AM

Re: SSL OCSP stapling won't enable

djlarsu December 16, 2013 11:22AM

Re: SSL OCSP stapling won't enable

Anonymous User December 16, 2013 02:26PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 253
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready