digitalocean/nginxconfig.io

Configuring OCSP

Open

#340 aperta il 8 apr 2022

Vedi su GitHub
 (6 commenti) (1 reazione) (1 assegnatario)JavaScript (1978 fork)batch import
hacktoberfesthelp wanted

Metriche repository

Star
 (26.979 star)
Metriche merge PR
 (Nessuna PR mergiata in 30 g)

Descrizione

Information

https://whatismybrowser.com/w/QCB7F49

Help request

Problem

OCSP is not enabled after using the generated configuration. Multiple tools (digicert helpers, ssllabs, openssl) report that OCSP is disabled. I made sure I was checking this on subsequent requests due to asynchronicity of the OCSP fetch.

What I have tried

The OCSP stapling configured in the nginx.conf

# OCSP Stapling
ssl_stapling           on;
ssl_stapling_verify    on;
resolver               1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
resolver_timeout       2s;

The trusted certificate configured in the server block (some systems might require this when ssl_stapling_verify is on)

ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;

Guida contributor