龙空技术网

如何在Apache和Nginx开启 OCSP Stapling

湘西笔者 99

前言:

如今同学们对“怎么开启apache”大概比较关切,同学们都想要分析一些“怎么开启apache”的相关资讯。那么小编同时在网络上网罗了一些有关“怎么开启apache””的相关文章,希望咱们能喜欢,同学们快快来学习一下吧!

# OCSP stapling

ssl_stapling on;

ssl_stapling_verify on;

# 使用根CA和中间证书验证OCSP响应的信任链

ssl_trusted_certificate ${webssl}/${domain}/${domain}.ocsp.resp;

resolver 127.0.0.1;

openssl ocsp -no_nonce -respout ${webssl}/${domain}/rzsmt.com -issuer ${webssl}/${domain}/ca.cer -verify_other ${webssl}/${domain}/ca.cer -cert ${webssl}/${domain}/${domain}.cer -url "$(openssl x509 -in ${webssl}/${domain}/ca.cer -noout -ocsp_uri)" > ${webssl}/${domain}/rzsmt.com.txt 2>&1if grep -q ": good" ${webssl}/${domain}/rzsmt.com.txt; thenif cmp -s ${webssl}/${domain}/rzsmt.com ${webssl}/${domain}/${domain}.ocsp.resp; thenrm ${webssl}/${domain}/rzsmt.comelsemv ${webssl}/${domain}/rzsmt.com ${webssl}/${domain}/${domain}.ocsp.resp/etc/init.d/nginx reloadfielsecat ${webssl}/${domain}/rzsmt.com.txt | echo "OCSP error for ${domain}"fi

标签: #怎么开启apache