我已经生成了如下所示的证书:
Root-CA -> Intermediate-CA -> Server
Root-CA:
rootca.key
rootca.crt
Intermediate-CA:
intermediateca.key
intermediateca.crt
Server:
server.key
server.crt
我的服务器的 openssl.conf:
[ server_cert ]
authorityInfoAccess = OCSP;URI:http://www.example.com
[ ocsp ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
keyUsage = critical, digitalSignature
extendedKeyUsage = critical, OCSPSigning
我的 Nginx 配置:
server {
listen 443 ssl;
listen [::]:443 SSL;
server_name www.example.com;
ssl_certificate /home/user/conffiles/server+intermediateca.crt;
ssl_certificate_key /home/user/conffiles/server.key;
ssl_ocsp on;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /home/user/conffiles/rootca+intermediateca.crt;
}
我收到一个 Nginx 错误:
[error] 4318#4318: OCSP responder sent invalid "Content-Type" header: "text/html; charset=utf-8" while requesting certificate status, responder: www.example.com, peer: 192.168.10.100:80, certificate: "/home/user/conffiles/server+intermediateca.crt"
此外,我没有使用以下命令获得任何输出:
echo QUIT | openssl s_client -connect www.example.com:443 -status 2> /dev/null | grep -A 17 'OCSP response:' | grep -B 17 'Next Update'
我不明白 conf 文件出了什么问题。如何在 Nginx 中配置 OCSP?
请帮助我,我需要修复这个错误。感谢您的时间。谢谢。