On CentOS, but I guess for every OS, I want to make OCSP stapling work in Nginx:
ssl_stapling on;
ssl_trusted_certificate ??????;
ssl_stapling_verify on;
What do I define for ssl_trusted_certificate?
People talk about "chain+root file" or root.ca, but it's very unclear to me if these files are already on my server or where to find/create them.
I have a valid certificate from Let's Encrypt and SSL/TLS (https) is working fine already. But how do I go from here?
Best Answer
For anyone wondering...
Note the hash; by having no verify it actually works:
On the command line:
openssl s_client -connect DOMAIN:443 -tls1 -tlsextdebug -status |grep OCSP -A 2 -B 1
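
The check above can be scripted so the result is a single word instead of a grep excerpt. This is an added example, not part of the original answer: the function names, the status words and the sample inputs are constructed here, and port 443 is assumed.

```shell
#!/bin/sh
# Added example (not from the original answer): classify the OCSP part of
# `openssl s_client -status` output read from stdin.
# Prints: good | revoked | unknown | not-stapled | responder-error | unparsed
classify_stapling() {
    awk '
        /OCSP response: no response sent/        { state = "not-stapled" }
        /OCSP Response Status:/ && !/successful/ { state = "responder-error" }
        /Cert Status: good/                      { state = "good" }
        /Cert Status: revoked/                   { state = "revoked" }
        /Cert Status: unknown/                   { state = "unknown" }
        END {
            if (state == "") state = "unparsed"   # no OCSP lines at all
            print state
        }
    '
}

# Live check against a host (hypothetical helper; $1 = host name, port 443).
check_stapling() {
    openssl s_client -connect "$1:443" -servername "$1" -status \
        </dev/null 2>/dev/null | classify_stapling
}

# Constructed sample: server stapled a valid response.
sample_stapled() {
cat <<'EOF'
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Cert Status: good
EOF
}

# Constructed sample: handshake completed without a stapled response.
sample_missing() {
    printf 'OCSP response: no response sent\n'
}
```

Run `check_stapling DOMAIN` more than once after reloading Nginx: the server fetches the OCSP response lazily, so the first handshake can report `not-stapled` even when the configuration is correct.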