According to the nginx docs, you can specify certificates to be trusted for both OCSP response and client certificate verification:
ssl_trusted_certificate / ssl_client_certificate
Specifies a file with trusted CA certificates in the PEM format used to verify client certificates and OCSP responses if ssl_stapling is enabled.
Is there a way to trust a certificate only for OCSP signing, but not for client certificates?
