Welcome! Log In Create A New Profile

Re: How to enable OCSP stapling when default server is self-signed?

Forum List Message List New Topic Print View

Maxim Dounin

April 13, 2015 07:58AM

Hello!

On Sun, Apr 12, 2015 at 12:21:19PM -0400, numroo wrote:

> >> Yes, I ran the s_client command multiple times to account for the nginx
> >> responder delay. I was testing OCSP stapling on just one of my domains.
> >> Then I read that the 'default_server' SSL server also has to have OCSP
> >> stapling enabled for vhost OCSP stapling to work:
> >>
> >> https://gist.github.com/konklone/6532544
> >
> >There is no such a requirement.
>
> I have the same problem here.
>
> openssl s_client -servername ${WEBSITE} -connect ${WEBSITE}:443 -tls1
> -tlsextdebug -status|grep OCSP
>
> Always returns the following on all virtual hosts no matter on how many
> times I try:
> OCSP response: no response sent
>
> But as soon that I disable my self-signed default host and restart Nginx, I
> get a successfull repsonse on the second request on all CA signed hosts:
> OCSP Response Status: successful (0x0)

As previously suggested, tests with trivial config and debugging
log may help to find out what goes wrong.

--
Maxim Dounin
http://nginx.org/

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
How to enable OCSP stapling when default server is self-signed?	bughunter	April 05, 2015 11:26PM
Re: How to enable OCSP stapling when default server is self-signed?	Maxim Dounin	April 06, 2015 03:22PM
Re: How to enable OCSP stapling when default server is self-signed?	bughunter	April 07, 2015 12:26AM
Re: How to enable OCSP stapling when default server is self-signed?	Maxim Dounin	April 07, 2015 09:24AM
Re: How to enable OCSP stapling when default server is self-signed?	bughunter	April 08, 2015 02:30AM
Re: How to enable OCSP stapling when default server is self-signed?	Maxim Dounin	April 08, 2015 11:30AM
Re: How to enable OCSP stapling when default server is self-signed?	bughunter	May 01, 2015 11:06PM
Re: How to enable OCSP stapling when default server is self-signed?	173279834462	May 07, 2015 11:54AM
Re: How to enable OCSP stapling when default server is self-signed?	bughunter	May 11, 2015 10:31AM
Re: How to enable OCSP stapling when default server is self-signed?	Maxim Dounin	May 07, 2015 01:12PM
Re: How to enable OCSP stapling when default server is self-signed?	173279834462	May 07, 2015 02:28PM
Re: How to enable OCSP stapling when default server is self-signed?	Maxim Dounin	May 08, 2015 08:48AM
Re: How to enable OCSP stapling when default server is self-signed?	numroo	April 12, 2015 12:21PM
Re: How to enable OCSP stapling when default server is self-signed?	Maxim Dounin	April 13, 2015 07:58AM
Re: How to enable OCSP stapling when default server is self-signed?	hotwirez	September 28, 2016 12:44PM
Re: How to enable OCSP stapling when default server is self-signed?	Maxim Dounin	September 28, 2016 05:16PM
Re: How to enable OCSP stapling when default server is self-signed?	hotwirez	September 29, 2016 09:17AM
Re: How to enable OCSP stapling when default server is self-signed?	B.R.	September 29, 2016 01:02PM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 309

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018