Re: There is a newer OCSP response but was not provided by the server

September 23, 2015 02:22PM
The files are correct as they are:
ssl_trusted_certificate includes the intermediate and the root ca,
ssl_certificate includes the server's own and the intermediate.

The error was ... in a missing ssl_trusted_certificate directive in one of
the server clauses. A human error, undetected by nginx. To prevent
such errors from happening, considering the complexity of certain
configurations and the possibility of human error, it would be very
useful to have a static check from nginx, at startup.

Moving forward, server is up and running with

> ssl_stapling on;
> ssl_stapling_verify on;

and no ssl_stapling_file.

The last problem standing is ...
the priming of the cache for each worker process.

When nginx starts, it should prime all of its worker processes.

Both the above recommendations are now in the wish list.

Thank you for the exchange. I hope it will be useful to others.
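
The static check asked for in the post above can be approximated outside nginx. The following is an added example, not nginx code and not from the original post: it lists every server block where `ssl_stapling` and `ssl_stapling_verify` are on but no `ssl_trusted_certificate` is set or inherited. The sample configuration, host names and paths are constructed, and the function name is hypothetical.

```python
import re

# Constructed sample: stapling is inherited from http{}, but the second
# server block has no ssl_trusted_certificate in effect.
SAMPLE_CONF = """
http {
    ssl_stapling on;
    ssl_stapling_verify on;
    server {
        server_name a.example;   # hypothetical names and paths
        ssl_trusted_certificate /etc/ssl/ca.chain.pem;
    }
    server {
        server_name b.example;
        location / { return 204; }
    }
}
"""

# Quoted strings, comments, block/statement delimiters, bare words.
TOKEN = re.compile(r'"[^"]*"|\'[^\']*\'|#[^\n]*|[{};]|[^\s{};]+')

def servers_missing_trusted_cert(conf_text):
    """server_name of each server{} that verifies stapling without a trust chain."""
    stack = [("main", {})]        # (block name, directives set directly in it)
    servers, stmt = [], []
    for tok in (t for t in TOKEN.findall(conf_text) if not t.startswith("#")):
        if tok == ";":
            if stmt:
                stack[-1][1][stmt[0]] = stmt[1:]
            stmt = []
        elif tok == "{":
            stack.append((stmt[0] if stmt else "", {}))
            stmt = []
        elif tok == "}":
            name, own = stack.pop()
            if name == "server":  # keep references to the enclosing blocks
                servers.append(([d for _, d in stack], own))
        else:
            stmt.append(tok)
    missing = []
    for ancestors, own in servers:  # resolved last, so directive order is irrelevant
        eff = {k: v for d in ancestors + [own] for k, v in d.items()}
        if (eff.get("ssl_stapling") == ["on"]
                and eff.get("ssl_stapling_verify") == ["on"]
                and "ssl_trusted_certificate" not in eff):
            missing.append(" ".join(own.get("server_name", ["(unnamed)"])))
    return missing
```

The sketch does not follow `include` directives; feeding it the output of `nginx -T`, which dumps the full configuration, covers included files.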
Subject Author Posted

There is a newer OCSP response but was not provided by the server

173279834462 September 22, 2015 05:33AM

Re: There is a newer OCSP response but was not provided by the server

Maxim Dounin September 22, 2015 09:02AM

Re: There is a newer OCSP response but was not provided by the server

173279834462 September 22, 2015 05:21PM

Re: There is a newer OCSP response but was not provided by the server

Maxim Dounin September 23, 2015 08:34AM

Re: There is a newer OCSP response but was not provided by the server

173279834462 September 23, 2015 09:42AM

Re: There is a newer OCSP response but was not provided by the server

itpp2012 September 23, 2015 11:29AM

Re: There is a newer OCSP response but was not provided by the server

Maxim Dounin September 23, 2015 10:50AM

Re: There is a newer OCSP response but was not provided by the server

173279834462 September 23, 2015 11:39AM

Re: There is a newer OCSP response but was not provided by the server

Maxim Dounin September 23, 2015 12:18PM

Re: There is a newer OCSP response but was not provided by the server

173279834462 September 23, 2015 12:53PM

Re: There is a newer OCSP response but was not provided by the server

Maxim Dounin September 23, 2015 01:22PM

Re: There is a newer OCSP response but was not provided by the server

173279834462 September 23, 2015 01:33PM

Re: There is a newer OCSP response but was not provided by the server

173279834462 September 23, 2015 01:35PM

Re: There is a newer OCSP response but was not provided by the server

173279834462 September 23, 2015 01:39PM

Re: There is a newer OCSP response but was not provided by the server

173279834462 September 23, 2015 01:41PM

Re: There is a newer OCSP response but was not provided by the server

173279834462 September 23, 2015 02:22PM


