AnsweredAssumed Answered

OCSP stapling and nginx SNI

Question asked by Tony Z on Nov 30, 2015
Latest reply on Dec 2, 2015 by Tony Z

Hi all,

 

I'm running a Linux server with two virtual hosts on it on nginx 1.6.2, and each of them has a separate certificate from StartCom.

 

When I run SSL test on my website, it prompts that my trusted chain contains anchor, which is the root certificate. However, if I remove the CA from the trusted chain (which currently contains Level 1 Intermediate Certificate and CA Certificate), the OCSP stapling is no longer working (openssl commandline says 'no response' and SSL Labs test replies OCSP Stapling as No). Is there any way that I can remove the CA from the trusted chain while OCSP Stapling still works? And, is there anything to do with SNI?

 

Thanks.

Outcomes