OSCP stapling can't connect. What is the problem?

M

mr.bob2016-08-08 09:35:03

linux

mr.bob, 2016-08-08 09:35:03

Good afternoon.
There was a problem with OSCP stapling. I am using a free SSL certificate from wosign.
I am using Bitrix virtual machine. The certificate screwed norms.
I did it as in the manuals ( https://popov.io/2015/07/10/%D0%BA%D0%B0%D0%BA-%D0... , but still when checking the OCSP Staple SSL certificate site: Not Enabled
Also when testing # openssl s_client -connect SITE_URL:443 -tls1 -tlsextdebug -status (removed the link to the site, because I don't want to show it)
Gives:
OCSP response: no response sent
In my configs for the nginx domain cost these settings.

ssl_prefer_server_ciphers on;
  add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";

  ssl_certificate         /etc/nginx/ssl/support.webbs.pro/1_support.webbs.pro_bundle.crt;
  ssl_certificate_key     /etc/nginx/ssl/support.webbs.pro/2_support.webbs.pro.key;

  # performance
  ssl_session_cache     shared:SSL:10m;
  ssl_session_timeout   5m;

  resolver 8.8.8.8 8.8.4.4 valid=300s;
  resolver_timeout 5s;

  ssl_stapling on;
  ssl_stapling_verify on;
  ssl_trusted_certificate /etc/nginx/ssl/support.webbs.pro/ca-certs.pem;

I am in a stupor and cannot understand what the problem is, because I do everything right.