Welcome! Log In Create A New Profile

Advanced

Re: Ocsp stapling

Previous Message Next Message
Forum List Message List New Topic Print View
Alan Orth
October 02, 2015 01:36PM
I'm also seeing this, in nginx 1.8.0. I have several vhosts using SSL, but
only one using OCSP stapling. If I disable all the other servers using SSL
then OCSP stapling works. If this is by design then it should be mentioned
on the documentation page for the SSL module[0].

Regards,

Alan

[0] http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling

On Sun, Aug 23, 2015 at 11:29 PM, <fsantiago@deviltracks.net> wrote:

> Update;
>
> it all works now. once i enabled ocsp stapling for ALL of my virtual
> domains, they then all began reporting correct results.
>
> - fabe
>
>
>
>
> On 2015-08-23 09:55, Fabian Santiago wrote:
>
>> Thanks.
>>
>> It does.
>>
>> Test produces no results.
>>
>> Not working on ssllabs (no result).
>>
>> I'm clueless. I've seen mention out on the web about making sure you
>> define ocsp for the default site or none else will work. I also make
>> use of sni as I only have one ip address.
>>
>> I have no truly "default" site configured.
>>
>> Could be related? I am new to nginx so I'm still learning lots. Thanks
>> again.
>>
>> --
>>
>> Fabe
>>
>>
>> On Aug 23, 2015, at 4:00 AM, biazus <nginx-forum@nginx.us> wrote:
>>>
>>> Config files seems to be OK. Just make sure "ssl_trusted_certificate"
>>> contais the intermediate & root certificates (in that order from top to
>>> bottom).
>>>
>>> You can test with the following command:
>>>
>>> echo QUIT | openssl s_client -connect yourhost.com:443 -status 2>
>>> /dev/null
>>> | grep -A 17 'OCSP response:' | grep -B 17 'Next Update'
>>>
>>> good luck
>>>
>>> Posted at Nginx Forum:
>>> http://forum.nginx.org/read.php?2,261177,261185#msg-261185
>>>
>>> _______________________________________________
>>> nginx mailing list
>>> nginx@nginx.org
>>> http://mailman.nginx.org/mailman/listinfo/nginx
>>>
>>
>> _______________________________________________
>> nginx mailing list
>> nginx@nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>



--
Alan Orth
alan.orth@gmail.com
https://alaninkenya.org
https://mjanja.ch
"In heaven all the interesting people are missing." -Friedrich Nietzsche
GPG public key ID: 0x8cb0d0acb5cd81ec209c6cdfbd1a0e09c2f836c0
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Reply Quote
RSS
Subject Author Posted

Ocsp stapling

Fabian Santiago August 21, 2015 10:42PM

Re: Ocsp stapling

biazus August 22, 2015 02:34PM

Re: Ocsp stapling

Anonymous User August 22, 2015 02:48PM

Re: Ocsp stapling

biazus August 22, 2015 08:41PM

Re: Ocsp stapling

Fabian Santiago August 23, 2015 09:56AM

Re: Ocsp stapling

Anonymous User August 23, 2015 04:30PM

Re: Ocsp stapling

Alan Orth October 02, 2015 01:36PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

thippeswamyks
Guests: 311
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready