Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


In this Discussion

About the free Wosign and OCSP in nginx
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

About the free Wosign and OCSP in nginx

yomeroyomero Member
edited March 2015 in Help

Hello.

I've been trying several things to make stapling work under this CA, but I haven't found any information on how to do it exactly.

My best guess, is that I am putting the wrong chain of certs in the "ssl_trusted_certificate" directive. I used all the certs on the bundle as they give you excluding the first certificate, which is the one for your site.

Currently, I've found one site with some nginx configuration, having wosign+ocsp working: https://www.hatoko.net/nginx/nginx-ssl.html (it opens slowly for me sometimes, or you can try the google cache).
As far as I can see, they use exactly the same free cert. And also I am using the SHA2 chinese one.

I've copied almost everything related to ocsp in that configuration without success. And to be honest, is my first time trying to implement this, but isn't easy as it seems.

BTW, someone knows if their English certs are now being created with SHA2?

Thanks for reading.

Comments

  • pechspilzpechspilz Member
    edited March 2015

    I'm currently using the root_bundle.crt and the domain.crt but it still wont staple.

    ./domain.crt: good
        This Update: Mar  8 12:33:00 2015 GMT
        Next Update: Mar 10 12:33:00 2015 GMT
    

    300-400ms latency to ocsp6.wosign.com isn't good, stapling could make a difference.

    Edit: my bad, I forgot to add -servername when using openssl s_client on a SNI-only server.

Sign In or Register to comment.