Maxim Dounin
September 22, 2015 09:02AM
Hello!

On Tue, Sep 22, 2015 at 05:33:57AM -0400, 173279834462 wrote:

> Hello,
>
> nginx is not updating the OCSP response cache.
>
> openssl says:
> [...]
> Cert Status: good
> This Update: Sep 9 09:59:46 2015 GMT
> Next Update: Sep 11 09:59:46 2015 GMT
>
> gnutls says "There is a newer OCSP response but was not provided by the
> server".
>
> The configuration says:
>
> [...]
> ssl_stapling on;
> ssl_stapling_verify on;
> ssl_stapling_file [...]/ssl/ocsp-response.der;
> [...]
>
>
> How do you enforce automatic update of the OCSP response cache?

You are using ssl_stapling_file, that is, nginx will always return
content of the file specified and it's you who have to update the
file. Quoting docs (http://nginx.org/r/ssl_stapling_file):

: When set, the stapled OCSP response will be taken from the
: specified file instead of querying the OCSP responder specified in
: the server certificate.

If you want nginx to fetch OCSP responses for you instead, comment
out this directive.

--
Maxim Dounin
http://nginx.org/
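
An added example, not part of the original thread: with `ssl_stapling_file` the file is served as-is, so whatever job maintains it needs a staleness check. This sketch classifies the text printed by `openssl ocsp -respin <file> -resp_text -noverify`; the function names and the `refresh_fraction` threshold are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the fields quoted in the post, laid out the way
# `openssl ocsp -resp_text` prints them (single-digit days are space padded).
SAMPLE = """\
    Cert Status: good
    This Update: Sep  9 09:59:46 2015 GMT
    Next Update: Sep 11 09:59:46 2015 GMT
"""

_FIELD = re.compile(
    r"^[ \t]*(Cert Status|This Update|Next Update):[ \t]*(.+?)[ \t]*$", re.M)
_FMT = "%b %d %H:%M:%S %Y GMT"


def _when(value):
    # Collapse the padding before parsing; OCSP times are always GMT.
    parsed = datetime.strptime(" ".join(value.split()), _FMT)
    return parsed.replace(tzinfo=timezone.utc)


def staple_state(text, now, refresh_fraction=0.5):
    """Classify a stapled response as seen at time `now` (timezone-aware).

    Returns (state, next_update) where state is one of:
      'unusable' - status is not "good" or a validity field is missing
      'expired'  - now is at or past Next Update; clients see a stale staple
      'refresh'  - still valid, but refresh_fraction of the window has elapsed
      'fresh'    - nothing to do yet
    """
    fields = dict(_FIELD.findall(text))
    if (fields.get("Cert Status") != "good"
            or "This Update" not in fields or "Next Update" not in fields):
        return "unusable", None
    this_update = _when(fields["This Update"])
    next_update = _when(fields["Next Update"])
    if now >= next_update:
        return "expired", next_update
    if now - this_update >= (next_update - this_update) * refresh_fraction:
        return "refresh", next_update
    return "fresh", next_update


if __name__ == "__main__":
    # Time of the original question: 05:33:57 -0400 on Sep 22, 2015.
    asked = datetime(2015, 9, 22, 9, 33, 57, tzinfo=timezone.utc)
    print(staple_state(SAMPLE, asked))
```

A job that sees `refresh` or `expired` would fetch a new response into the file and reload nginx; removing `ssl_stapling_file`, as the reply suggests, leaves that to nginx.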
