I have a server that supports multiple CA chains. The old CA neither has CRL enabled, nor “Authority Information Access”(AIA) certificate extension in the issued certificates. The new chain has both enabled. When I tried to enable CRL or OCSP check, I found that it broke the SSL verification for the old CA chain. There is no way to enable CRL/OCSP for only the new CA chain. When the NGINby spa84 - Ideas and Feature Requests
![]() |
![]() |
![]() |
![]() |
|