However, nginx doesn't wait for the OCSP response to complete before servicing the connection, so the first connection never gets a stapled response. This is not available in the current Ubuntu LTS releases 12. How to configure OCSP stapling in Apache and nginx. Use this if your SSL web server, like nginx, is behind a firewall and has to use a proxy to reach OCSP servers in order to implement OCSP stapling dlecorfecocsp proxy.
The OCSP stapling cache is per-process, and nginx doesn't initiate an OCSP request until it receives the first SSL connection to a site. To save you the trouble of looking this up, the following sections contain instructions on how to enable OCSP stapling in your Apache and nginx environments. Before going ahead with the configuration, a short brief on how certificate revocation works. If OCSP stapling is not enabled, you will not see any OCSP response data, and you now need to check that the intermediate certificate is properly installed. Instructions for enabling OCSP stapling on your Windows server. OCSP stapling is a TLS/SSL extension which aims to improve the performance of SSL negotiation while maintaining visitor privacy. I would like to enable OCSP stapling in my nginx server. After a few days of tearing my hair out, it appears nginx does not prime its OCSP cache for a site for the very first visitor. For OCSP stapling to work, the certificate of the server certificate issuer should be known. For more information about the Online Certificate Status Protocol (OCSP) and the benefits of OCSP stapling, see Enable OCSP stapling on your server (Windows).