Best Practice OCSP Stapling for Clients

[Janko1000]

Hi all,

can Anybody tell what is the best Way to add OCSP Stapling for Clients?
I try to add the Commands to the Nginx Field but without success:

ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /path/to/cert_chain.pem;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;

The Clients have the Certs from everywhere.... Comodo, StartSSL, Thawte, WoSign and many others. I want only add OCSP for some Clients.

 

[Walter]

Make sure the certificate is setup for the domain and working then you should be able to use the following command per domain in the nginx additional directives field:

#Enable OCSP
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.4.4 8.8.8.8 valid=300s;
resolver_timeout 10s;