OCSP Stapling for Thawte certificates does not work

Question

OCSP Stapling does not work for Thawte certificates on Nginx, what could be the problem?

Configured Nginx to work with OCSP Stapling.

ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /ssl/ssl_trusted_certificate.crt;

The ssl_trusted_certificate.crt certificate includes the stitched root.crt and intermediate.crt.

The verification request indicates that OCSP Stapling is still off:

Openssl s_client -connect xxx.xxx:443 -tls1 -tlsextdebug -status

Result:

OCSP Response: No response sent

Who knows this problem?

score 0 · Accepted Answer · answered Jun 22 '17 at 23:37

As it turned out, the problem was not in the certificate and server settings. In order for OCSP Stapling to work, you need to go through a couple of pages of the site. On the first request, the server will request data from the certification center servers, and then go to OCSP.

OCSP Stapling for Thawte certificates does not work

1 Answers1