Re: How to enable OCSP stapling when default server is self-signed?

Maxim Dounin
September 28, 2016 05:16PM
Hello!

On Wed, Sep 28, 2016 at 12:44:45PM -0400, hotwirez wrote:

[...]

> I wanted to mention that I've run into this issue as well when trying to
> enable OCSP stapling, where I have a default_deny SSL server that has a
> self-signed certificate where I don't want to use OCSP stapling, and other
> actual server entries for actual sites where I want OCSP stapling enabled.
> If I enable stapling for only the real sites, it appears to be silently
> disabled. If I enable it for all server instances, it notices that the
> default server uses a self-signed certificate and disables stapling. If I
> remove the default server, OCSP stapling works for the remaining sites, but
> then accessing the site using a means other than the correct server name
> provides the SSL certificate for one of the servers.

Problems with OCSP stapling if it is disabled in the default
server{} block were traced to be an OpenSSL bug, silently fixed in
1.0.0m/1.0.1g/1.0.2. See here for details:

https://trac.nginx.org/nginx/ticket/810

If you see the problem it means you have to update the OpenSSL
library you are using.

--
Maxim Dounin
http://nginx.org/

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
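
A check for the condition described in the reply above, as an added example that is not part of the original thread: it reads the OpenSSL version nginx reports, compares it with the fixed releases named in the post (1.0.0m, 1.0.1g, 1.0.2), and classifies `openssl s_client -status` output to catch stapling that has been silently disabled. The function names and the sample `nginx -V` text are constructed for illustration. It assumes releases later than 1.0.2 carry the fix.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Live use:
#   nginx -V 2>&1 | nginx_openssl_version
#   openssl s_client -connect example.com:443 -servername example.com \
#       -status </dev/null 2>/dev/null | stapling_status

# Print the OpenSSL version nginx uses, given `nginx -V 2>&1` on stdin.
# nginx prints "built with OpenSSL X" and appends "(running with OpenSSL Y)"
# when the runtime library differs; the runtime version is the one that matters.
nginx_openssl_version() {
    sed -n \
        -e 's/.*running with OpenSSL \([0-9][0-9a-z.]*\).*/\1/p' \
        -e 's/.*built with OpenSSL \([0-9][0-9a-z.]*\).*/\1/p' | head -n 1
}

# Exit 0: at or past a fixed release named in the post (1.0.0m/1.0.1g/1.0.2).
# Exit 1: older release on the 1.0.0 or 1.0.1 branch.
# Exit 2: version not covered by the post (e.g. 0.9.8) or unparseable.
# Assumption: releases after 1.0.2 carry the fix. Distribution packages may
# backport fixes without changing the version string, so treat exit 1 as
# "check the package changelog", not as proof.
openssl_has_stapling_fix() {
    case $1 in
        1.0.0[m-z]*|1.0.1[g-z]*)              return 0 ;;
        1.0.0*|1.0.1*)                        return 1 ;;
        1.0.2*|1.[1-9]*|[2-9].*|[1-9][0-9].*) return 0 ;;
        *)                                    return 2 ;;
    esac
}

# Classify `openssl s_client -status` output read from stdin.
stapling_status() {
    out=$(cat)
    case $out in
        *"OCSP Response Status: successful"*) echo stapled ;;
        *"OCSP response: no response sent"*)  echo none ;;
        *)                                    echo unknown ;;
    esac
}

# Constructed sample of `nginx -V` output (not taken from a real host).
sample_nginx_v='nginx version: nginx/1.10.1
built with OpenSSL 1.0.1e-fips 11 Feb 2013 (running with OpenSSL 1.0.1f 6 Jan 2014)
TLS SNI support enabled'

ver=$(printf '%s\n' "$sample_nginx_v" | nginx_openssl_version)
rc=0; openssl_has_stapling_fix "$ver" || rc=$?
echo "OpenSSL $ver: fix check exit code $rc"
```

nginx fetches the OCSP response lazily, so the first handshake after a reload can report `none` even on a fixed library; repeat the `s_client` check before drawing a conclusion.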