# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
## verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
resolver <IP DNS resolver>;
Description here: https://wiki.mozilla.org/Security/Server_Side_TLS#OSCP_Stapling
nginx snippet (https://mozilla.github.io/server-side-tls/ssl-config-generator/):