Nginx OCSP
#开启
vim /path/to/path/conf/nginx.conf
.....
events{
...... 省略.....
}
http {
.....
server{
listen 443 ssl;
server_name domain_name.com;
ssl on;
ssl_certificate ssl/server.crt;
ssl_certificate_key ssl/server.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 15m;
ssl_stapling on;
ssl_stapling_verify on;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
root /xxx/xxxx/xxxx/xxxx;
index index.html index.htm index.php;
location / {
.... 省略.....
}
}
nginx -s reload
openssl s_client -connect domain_name:443 -status
参考地址:https://www.digicert.com/ssl-support/nginx-enable-ocsp-stapling-on-server.htm
欢迎加入QQ群一起讨论Linux、开源等技术