Grzegorz Kulewski:
> Hello,
>
> Is resolver in nginx still needed for OCSP stapling?
>
> I am getting a warning from nginx if resolver is not supplied but at
> the same time both Qualys and openssl s_client output suggest OCSP
> stapling is working. Strange
There are two options
- let nginx fetch the ocsp response from ca server
- fetch offline and point nginx via ssl_stapling_file to the data
1 require a resolver and serve the first response after restart
without ocsp data
2 require a resolver outside nginx (but not inside), some scripting
and deliver oscp data also at the first response
>
> --
> Grzegorz Kulewski
> gk@leniwiec.biz
> +48 663 92 88 95
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx