Finally had some time to construct an extremely basic server configuration with a default HTTP and HTTPS server and test it. I'm working on a production server, so there are quite a few requests every second and therefore the downtime had to be scheduled into a tiny window of opportunity. I also temporarily compiled and enabled a debug build for a few minutes (the log file went nuts). I had ssl_stapling on and no verification. There was still no OCSP stapling response data or anything related to OCSP in the debug logs.
Based on numroo's earlier response and since I was also able to fiddle around with the config in production, I decided to temporarly disable the default SSL server with the self-signed cert. After reloading the config, bam! Instantly OCSP stapling started working as expected (even with verification turned on). Re-enabling the default SSL server with the self-signed cert caused OCSP to stop working again. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,257833,258571#msg-258571 _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
