Should I concatenate all certificates (server + intermediates + root) or just (server + intermediates) for the ssl_trusted_certificate directive in NGINX?
-2

user3448600
-
You should show what you did up until now to solve this on your own. – gxx May 05 '16 at 20:42
1 Answer
1
You should add the following settings
```
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
```
to configure OCSP Stapling (the server certificate should not be concatenated here), but you should use `ssl_certificate`, where the server certificate is provided together with all intermediate certificates:
```
ssl_certificate /path/to/signed_cert_plus_intermediates;
```
On the other hand, one should not include the `root_CA_cert` here.

Oleg
-
So for OCSP intermediate certs + root only. I know about other things. – user3448600 May 06 '16 at 05:52
-
Ah, and I forgot, what order for `ssl_trusted_certificate` root + intermediate or intermediate + root. Please edit your answer when you can. – user3448600 May 06 '16 at 06:06
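
The split described in the answer, as an added example that is not part of the original answer or of NGINX: given the PEM certificates in any order, it finds the server certificate and follows issuer to subject to build the `ssl_certificate` bundle (server + intermediates) and the `ssl_trusted_certificate` bundle (intermediates + root). Assumptions: names are compared byte for byte, no signatures are checked, and `tlv`, `issuer_subject`, `split_chain` and `fake_cert` are names invented here.

```python
import base64, re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)

def tlv(buf, pos):
    """Read the DER element at pos; return (tag, value offset, end offset)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(der):
    """Return the raw DER issuer and subject Names of one certificate."""
    pos = tlv(der, tlv(der, 0)[1])[1]      # step into Certificate, then tbsCertificate
    tag, _, end = tlv(der, pos)
    if tag == 0xA0:                        # skip explicit [0] version (absent in v1)
        pos = end
    fields = []
    for _ in range(5):                     # serial, sigAlg, issuer, validity, subject
        end = tlv(der, pos)[2]
        fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def split_chain(pem_text):
    """Return (ssl_certificate bundle, ssl_trusted_certificate bundle) as PEM text."""
    certs = [(b, *issuer_subject(base64.b64decode("".join(b.splitlines()[1:-1]))))
             for b in PEM_RE.findall(pem_text)]
    by_subject = {s: (b, i) for b, i, s in certs}
    issuing = {i for _, i, s in certs if i != s}
    leaves = [c for c in certs if c[2] not in issuing]
    if len(leaves) != 1:
        raise ValueError("expected exactly one server certificate")
    block, issuer, subject = leaves[0]
    served, trusted = [block], []          # the server certificate is never trusted-file material
    while issuer != subject and issuer in by_subject and len(trusted) < len(certs):
        subject = issuer
        block, issuer = by_subject[subject]
        trusted.append(block)              # every CA certificate goes to the trusted file
        if issuer != subject:              # intermediate: also sent to clients; root is not
            served.append(block)
    return "\n".join(served) + "\n", "\n".join(trusted) + "\n"

def fake_cert(issuer, subject):
    """Constructed, unsigned stand-in certificate for trying split_chain offline."""
    seq = lambda body: b"\x30" + bytes([len(body)]) + body
    tbs = seq(b"\x02\x01\x01" + seq(b"") + seq(issuer) + seq(b"") + seq(subject))
    b64 = base64.b64encode(seq(tbs)).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----"
```

Write the first returned string to the file named in `ssl_certificate` and the second to the file named in `ssl_trusted_certificate`.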