I've setup nginx with RSA and OCSP.
For another domain, in another
server, I wanted to set it up using ECC and OCSP.
The certificate has been installed and it's working.
But the OCSP part is not.
nginx -t, get:
nginx: [warn] "ssl_stapling" ignored, issuer certificate not found for certificate mydomain.com.cer
What I did was to get this certificate:
and use it in the
Apart from the
ssl_certificate_key, the other directives are:
ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; ssl_dhparam /usr/pkg/etc/nginx/certs/dhparam.pem; ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /usr/pkg/etc/nginx/certs/lets-encrypt-e1.pem; ssl_session_cache shared:SSL:20m; ssl_session_timeout 20m; ssl_session_tickets on;
As this is very complex to me, please explain as if I'm five what to do to have OCSP with ECC or if it's not possible.