Only when I set `ssl_stapling_verify off;`I can get OCSP stapling to work on my setup. In my experience helps to (re)load the page a few times before testing with SSLLabs to give the server time to fetch the OCSP response.
Best regards MacLemon On 14.12.2013, at 08:06, justin <[email protected]> wrote: > According to ssllabs.com SSL OCSP stapling is not enabled, even though I > have the following in my http block: > > ssl_stapling on; > ssl_stapling_verify on; > ssl_trusted_certificate /etc/pki/tls/certs/ca-bundle.trust.crt; > resolver 8.8.4.4 8.8.8.8 valid=600s; > resolver_timeout 15s; > > Any idea why? Here is my full ssllabs.com report: > https://www.ssllabs.com/ssltest/analyze.html?d=commando.io _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
