I'm using startssl for my certificates so had problems with the ssl_trusted_certificate too.
Just using resolver and ssl_stapling on got mine enabled.

<https://www.ssllabs.com/ssltest/analyze.html?d=stevewilson.co.uk>

Using openssl on the console's helpful too:

    openssl s_client -connect www.stevewilson.co.uk:443 \
        -tls1 -tlsextdebug -status < /dev/null | grep OCSP

Not working yet gives "OCSP response: no response sent"; give it time to gather the data and it then gives response data.

Steve.

On 14/12/2013 20:12, MacLemon wrote:
> Only when I set `ssl_stapling_verify off;` I can get OCSP stapling to work on
> my setup. In my experience it helps to (re)load the page a few times before
> testing with SSLLabs to give the server time to fetch the OCSP response.
>
> Best regards
> MacLemon
>
> On 14.12.2013, at 08:06, justin <[email protected]> wrote:
>> According to ssllabs.com SSL OCSP stapling is not enabled, even though I
>> have the following in my http block:
>>
>> ssl_stapling on;
>> ssl_stapling_verify on;
>> ssl_trusted_certificate /etc/pki/tls/certs/ca-bundle.trust.crt;
>> resolver 8.8.4.4 8.8.8.8 valid=600s;
>> resolver_timeout 15s;
>>
>> Any idea why? Here is my full ssllabs.com report:
>> https://www.ssllabs.com/ssltest/analyze.html?d=commando.io

_______________________________________________
nginx mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx
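
The console check described in this thread, as an added example that is not part of the original messages: it classifies `openssl s_client -status` output and polls until the server has had time to fetch its OCSP response. The function names, the `-servername` argument and the sample outputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the stapling state reported by `openssl s_client -status`.

# Read s_client output on stdin; print none | good | revoked | unknown | error.
classify_staple() {
  awk '
    /OCSP response: no response sent/ { state = "none" }
    /OCSP Response Status:/ { state = ($4 == "successful") ? "stapled" : "error" }
    /Cert Status:/          { cert = $3 }
    END {
      if (state == "stapled") print (cert == "" ? "error" : cert)
      else if (state == "")   print "error"   # handshake failed, no status lines
      else                    print state
    }'
}

# Poll a live server. The first handshakes can report "none" while the server
# is still fetching the response. Arguments: host[:port] [tries] [delay-seconds].
check_host() (
  target=$1; tries=${2:-5}; delay=${3:-3}; i=0; result=error
  case $target in *:*) ;; *) target="$target:443" ;; esac
  while [ "$i" -lt "$tries" ]; do
    result=$(openssl s_client -connect "$target" -servername "${target%:*}" \
               -status </dev/null 2>/dev/null | classify_staple)
    [ "$result" = none ] || break
    i=$((i + 1)); sleep "$delay"
  done
  echo "$result"
  [ "$result" = good ]   # exit status 0 only for a stapled "good" response
)

# Constructed sample outputs (not captured from a real server).
sample_none() { printf '%s\n' 'CONNECTED(00000003)' 'OCSP response: no response sent'; }
sample_good() {
  cat <<'EOF'
CONNECTED(00000003)
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Cert Status: good
EOF
}

sample_none | classify_staple
sample_good | classify_staple
```

Against a live server, call `check_host example.org 5 3`; a persistent `none` after several tries points at the server configuration rather than at timing.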
