Activate OCSP Stapling on Nginx 1.3.7+
To activate OCSP stapling support, edit your site configuration and add the following lines:
ssl_stapling on;
ssl_stapling_verify on;
If you encounter the following error:
[Fri May 09 23:36:44.055900 2014] [ssl:error] [pid 1491:tid 139921007208320] AH02217: ssl_stapling_init_cert: Can't retrieve issuer certificate!
[Fri May 09 23:36:44.056018 2014] [ssl:error] [pid 1491:tid 139921007208320] AH02235: Unable to configure server certificate for stapling
Retrieve your entire certificate chain (root included) in PEM format and reference it in your site configuration by adding this line:
ssl_trusted_certificate /path/to/your/chain.pem;
You will also need to add a DNS resolver, which is used to look up the IP addresses of the CA's OCSP servers:
resolver 8.8.8.8;
Last edited on 07/17/2017 07:21:39