user3448600

Asked: 2016-05-06 10:30:36 +0800 CST2016-05-06 10:30:36 +0800 CST 2016-05-06 10:30:36 +0800 CST

Configuring OCSP stapling in NGINX

Should I concatenate all certificates(server + intermediates + root) or just(server + intermediates) for ssl_trusted_certificate directive in NGINX.

1 Answers

Voted

Best Answer

Oleg
2016-05-06T13:36:52+08:002016-05-06T13:36:52+08:00
You should add the following setting

ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;

to configure OCSP Stapling (the server certificate should not be concatenated here), but you should use ssl_certificate, where the server certificate is provided together with all intermediate certificates:

ssl_certificate /path/to/signed_cert_plus_intermediates;

On the other side one should don't include the root_CA_cert here.
1

Configuring OCSP stapling in NGINX

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?