All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
About the free Wosign and OCSP in nginx
Hello.
I've been trying several things to make stapling work under this CA, but I haven't found any information on how to do it exactly.
My best guess, is that I am putting the wrong chain of certs in the "ssl_trusted_certificate" directive. I used all the certs on the bundle as they give you excluding the first certificate, which is the one for your site.
Currently, I've found one site with some nginx configuration, having wosign+ocsp working: https://www.hatoko.net/nginx/nginx-ssl.html (it opens slowly for me sometimes, or you can try the google cache).
As far as I can see, they use exactly the same free cert. And also I am using the SHA2 chinese one.
I've copied almost everything related to ocsp in that configuration without success. And to be honest, is my first time trying to implement this, but isn't easy as it seems.
BTW, someone knows if their English certs are now being created with SHA2?
Thanks for reading.
Comments
I'm currently using the root_bundle.crt and the domain.crt but it still wont staple.
300-400ms latency to ocsp6.wosign.com isn't good, stapling could make a difference.
Edit: my bad, I forgot to add -servername when using openssl s_client on a SNI-only server.