Hello! On Sun, Apr 12, 2015 at 12:21:19PM -0400, numroo wrote:
> >> Yes, I ran the s_client command multiple times to account for the nginx > >> responder delay. I was testing OCSP stapling on just one of my domains. > >> Then I read that the 'default_server' SSL server also has to have OCSP > >> stapling enabled for vhost OCSP stapling to work: > >> > >> https://gist.github.com/konklone/6532544 > > > >There is no such a requirement. > > I have the same problem here. > > openssl s_client -servername ${WEBSITE} -connect ${WEBSITE}:443 -tls1 > -tlsextdebug -status|grep OCSP > > Always returns the following on all virtual hosts no matter on how many > times I try: > OCSP response: no response sent > > But as soon that I disable my self-signed default host and restart Nginx, I > get a successfull repsonse on the second request on all CA signed hosts: > OCSP Response Status: successful (0x0) As previously suggested, tests with trivial config and debugging log may help to find out what goes wrong. -- Maxim Dounin http://nginx.org/ _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
