Nginx OCSP

 

#开启

vim  /path/to/path/conf/nginx.conf

.....

events{

  ...... 省略.....

}

http {

  .....

server{

  listen 443 ssl;
  server_name domain_name.com;
  ssl on;
  ssl_certificate ssl/server.crt;
  ssl_certificate_key ssl/server.key;
  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 15m;
  ssl_stapling on;
  ssl_stapling_verify on;
  ssl_ciphers HIGH:!aNULL:!MD5;
  ssl_prefer_server_ciphers on;
  root /xxx/xxxx/xxxx/xxxx;
  index index.html index.htm index.php;
  location / {

    .... 省略.....

  }

}

 

 

 

nginx -s reload

openssl s_client -connect domain_name:443 -status

 

 

参考地址:https://www.digicert.com/ssl-support/nginx-enable-ocsp-stapling-on-server.htm

 

 

欢迎加入QQ群一起讨论Linux、开源等技术 

posted @ 2019-05-20 15:52  Linux大魔王  阅读(472)  评论(0编辑  收藏  举报