mafintosh / add-nginx-ssl

Add SSL config to nginx
MIT License

Add OSCP Stapling #2

Open emilbayes opened 6 years ago

emilbayes commented 6 years ago

Description here: https://wiki.mozilla.org/Security/Server_Side_TLS#OSCP_Stapling

nginx snippet (https://mozilla.github.io/server-side-tls/ssl-config-generator/):

    # OCSP Stapling ---
    # fetch OCSP records from URL in ssl_certificate and cache them
    ssl_stapling on;
    ssl_stapling_verify on;

    ## verify chain of trust of OCSP response using Root CA and Intermediate certs
    ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;

    resolver <IP DNS resolver>;

millette commented 6 years ago

Nit picking, it's "OCSP Stapling". https://wiki.mozilla.org/Security/Server_Side_TLS#OCSP_Stapling
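
To confirm that the stapling directives quoted in the first comment actually take effect, the handshake can be inspected with `openssl s_client -status`. The script below is an added example, not code from this repository or from either commenter; the function names, the port 443 assumption and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the OCSP section of `openssl s_client -status` output.
# Reads that output on stdin and prints one of:
#   good | revoked | unknown   (Cert Status from a stapled response)
#   error                      (staple present, responder status not successful)
#   no-staple                  (server sent no OCSP response)
stapling_status() {
    awk '
        /OCSP response: no response sent/ { print "no-staple"; found = 1; exit }
        /OCSP Response Status:/ && !/successful/ { print "error"; found = 1; exit }
        /Cert Status:/ { print $3; found = 1; exit }
        END { if (!found) print "no-staple" }
    '
}

# Live check against a host (assumption: TLS on port 443).
# nginx fetches the OCSP response lazily, so the first handshakes after a
# reload can legitimately carry no staple; retry a few times before failing.
check_host() {
    host=$1
    for attempt in 1 2 3; do
        status=$(openssl s_client -connect "$host:443" -servername "$host" \
                    -status </dev/null 2>/dev/null | stapling_status)
        [ "$status" != "no-staple" ] && break
        sleep 2
    done
    echo "$status"
    [ "$status" = "good" ]
}

# Constructed sample outputs so the parser can be exercised offline.
SAMPLE_STAPLED='OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Cert Status: good'
SAMPLE_MISSING='OCSP response: no response sent'

printf '%s\n' "$SAMPLE_STAPLED" | stapling_status   # good
printf '%s\n' "$SAMPLE_MISSING" | stapling_status   # no-staple
```

A persistent `no-staple` from `check_host` with `ssl_stapling on;` set usually points at the `resolver` or `ssl_trusted_certificate` lines, and the nginx error log records the failed OCSP fetch.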