Welcome! Log In Create A New Profile

Advanced

Re: OCSP stapling and resolver

Previous Message Next Message
Forum List Message List New Topic Print View
A. Schulze
September 26, 2017 03:26AM
Grzegorz Kulewski:

> Hello,
>
> Is resolver in nginx still needed for OCSP stapling?
>
> I am getting a warning from nginx if resolver is not supplied but at
> the same time both Qualys and openssl s_client output suggest OCSP
> stapling is working. Strange

There are two options

- let nginx fetch the ocsp response from ca server
- fetch offline and point nginx via ssl_stapling_file to the data

1 require a resolver and serve the first response after restart
without ocsp data
2 require a resolver outside nginx (but not inside), some scripting
and deliver oscp data also at the first response


>
> --
> Grzegorz Kulewski
> gk@leniwiec.biz
> +48 663 92 88 95
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx



_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Reply Quote
RSS
Subject Author Posted

OCSP stapling and resolver

Grzegorz Kulewski September 25, 2017 09:50PM

Re: OCSP stapling and resolver

A. Schulze September 26, 2017 03:26AM

Re: OCSP stapling and resolver

Maxim Dounin September 26, 2017 09:22AM

Re: OCSP stapling and resolver

Grzegorz Kulewski September 26, 2017 11:26AM

Re: OCSP stapling and resolver

Maxim Dounin September 27, 2017 01:54PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 140
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready