ssl_stapling

Syntax:	`ssl_stapling on \| off;`
Default:	`ssl_stapling off;`
Context:	`http`, `server`

This directive appeared in version 1.3.7.

Enables or disables stapling of OCSP responses by the server. Example:

ssl_stapling on;
resolver 192.0.2.1;

For the OCSP stapling to work, the certificate of the server certificate issuer should be known. If the ssl_certificate file does not contain intermediate certificates, the certificate of the server certificate issuer should be present in the ssl_trusted_certificate file.

For a resolution of the OCSP responder hostname, the resolver directive should also be specified.

Links:

https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling

doc_nginx

2017-02-09 07:09:34

Comments