I have generated the certificates as given below:

Root-CA  ->  Intermediate-CA  ->  Server

Root-CA:
rootca.key
rootca.crt

Intermediate-CA:
intermediateca.key
intermediateca.crt

Server:
server.key
server.crt

My openssl.conf for Server:

[ server_cert ]
authorityInfoAccess = OCSP;URI:http://www.example.com

[ ocsp ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
keyUsage = critical, digitalSignature
extendedKeyUsage = critical, OCSPSigning

My Nginx conf:

server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name www.example.com;

        ssl_certificate  /home/user/conffiles/server+intermediateca.crt;
        ssl_certificate_key /home/user/conffiles/server.key;

        ssl_ocsp on;
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_trusted_certificate /home/user/conffiles/rootca+intermediateca.crt;
}

I am getting an Nginx Error:

[error] 4318#4318: OCSP responder sent invalid "Content-Type" header: "text/html; charset=utf-8" while requesting certificate status, responder: www.example.com, peer: 192.168.10.100:80, certificate: "/home/user/conffiles/server+intermediateca.crt"

Also, I am not getting any output with the following command:

echo QUIT | openssl s_client -connect www.example.com:443 -status 2> /dev/null | grep -A 17 'OCSP response:' | grep -B 17 'Next Update'

I don't understand what is wrong with the conf files. How can I configure OCSP in Nginx?

Please help me, I need this bug fixed. I appreciate your time. Thank you.

Nacho Taki
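The nginx error above reports that the responder www.example.com answered with `text/html`, whereas RFC 6960 has OCSP responders reply over HTTP with the media type `application/ocsp-response`. The following added example (not part of the original post, and not nginx's code) classifies a raw responder reply on that basis; the function names and both sample replies are constructed for illustration.

```python
"""Classify an OCSP responder's raw HTTP reply (constructed samples below)."""

OCSP_MIME = "application/ocsp-response"   # media type from RFC 6960, Appendix A
STATUS = {0: "successful", 1: "malformedRequest", 2: "internalError",
          3: "tryLater", 5: "sigRequired", 6: "unauthorized"}


def ocsp_response_status(der: bytes) -> str:
    """Read responseStatus from OCSPResponse ::= SEQUENCE { ENUMERATED, ... }."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("body is not a DER SEQUENCE")
    pos = 2 + (der[1] & 0x7F if der[1] & 0x80 else 0)   # skip short/long length
    if der[pos:pos + 2] != b"\x0a\x01" or len(der) < pos + 3:
        raise ValueError("responseStatus ENUMERATED missing")
    return STATUS.get(der[pos + 2], "unknown(%d)" % der[pos + 2])


def check_reply(raw: bytes) -> str:
    """Return 'ok: <status>' or the reason the reply is unusable for stapling."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return "malformed HTTP reply"
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or parts[1] != "200":
        return "unexpected HTTP status line: " + lines[0]
    headers = {}
    for line in lines[1:]:
        k, _, v = line.partition(":")
        headers[k.strip().lower()] = v.strip()
    ctype = headers.get("content-type", "")
    if ctype.lower() != OCSP_MIME:
        return 'invalid Content-Type: "%s"' % ctype
    try:
        return "ok: " + ocsp_response_status(body)
    except ValueError as exc:
        return "invalid OCSP body: %s" % exc


# Constructed sample: a web server answering the responder URL with a page.
HTML_REPLY = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n"
              b"\r\n<html>welcome</html>")
# Constructed sample: a responder answering tryLater (DER 30 03 0a 01 03).
OCSP_REPLY = (b"HTTP/1.1 200 OK\r\nContent-Type: application/ocsp-response\r\n"
              b"\r\n\x30\x03\x0a\x01\x03")

if __name__ == "__main__":
    for name, raw in (("html", HTML_REPLY), ("ocsp", OCSP_REPLY)):
        print(name, "->", check_reply(raw))
```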