OCSP stapling with nginx

certificate nginx ssl openssl

For OCSP requests used for OCSP stapling nginx uses GET requests, as described in RFC 2560.

On the other hand, OpenSSL as of last released OpenSSL 1.0.2d only supports POST requests in the OCSP responder daemon available via openssl ocsp. It doesn't recognize GET requests and prints Invalid request for such requests.

To make this work, you may try OpenSSL from master branch - it seems to contain an attempt to improve OCSP responder code and should handle GET requests properly now. I've never tried though, and may be there are other problems. Please also keep in mind it's unreleased code.

You may also consider using another OCSP responder.

Related

CentOS7 firewalld no zones
Skype For Business WSUS Server 2012
How to group / compose systemd services?
Windows Server Backup: list backups on destination
Jenkins User Credentials Not Showing In Project
AWS Gateway API: Multi-Region deployment from the same domain
Cant connect to S3 with nginx
Mikrotik: how to properly setup IPV6 routing/dhcp server
Build Docker image with cache on build server?
In postfix, how can I allow only certain users to send mail as any other user?
Let's Encrypt -- "DNS ... query timed out looking up CAA for ..."
Why is scp so slow on my network?