Only when I set `ssl_stapling_verify off;`I can get OCSP stapling to work on my 
setup. In my experience helps to (re)load the page a few times before testing 
with SSLLabs to give the server time to fetch the OCSP response.

Best regards
MacLemon

On 14.12.2013, at 08:06, justin <[email protected]> wrote:
> According to ssllabs.com SSL OCSP stapling is not enabled, even though I
> have the following in my http block:
> 
>  ssl_stapling on;
>  ssl_stapling_verify on;
>  ssl_trusted_certificate /etc/pki/tls/certs/ca-bundle.trust.crt;
>  resolver 8.8.4.4 8.8.8.8 valid=600s;
>  resolver_timeout 15s;
> 
> Any idea why? Here is my full ssllabs.com report:
> https://www.ssllabs.com/ssltest/analyze.html?d=commando.io

_______________________________________________
nginx mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx

Reply via email to