I've been searching and trying things all day and can't seem to get OCSP stapling working on my web server farm.
I don't believe it is a firewall issue, as I've taken it out of the equation and still encounter the same issue. I've also tested this on a machine not behind the load balancer and it seems to work (I get a response from openssl s_client, though the online SSL testers still show stapling as not working).

I am using nginx on several web servers fronted with LVS NAT. LVS is listening on both 80 and 443 so that it can redirect the requests back to nginx. I have the appropriate settings/files on all of the web servers, but am getting a timeout when testing it (I've tried several variations of this command):

    openssl s_client -connect mydomain.com:443 -tls1 -tlsextdebug -status

and I get:

    Socket: Connection timed out
    connect:errno=110

I also cannot telnet to mydomain on either 80 or 443. So I'm suspecting at this point that the LVS server is the culprit.

Is there a way to either set up a cert on that machine or configure it to pass back to the web servers to handle the OCSP/openssl requests?

Thanks,
Brian

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - [email protected]
Send requests to [email protected]
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
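The probe below is an added example, not code from the original post or from the LVS or nginx projects. It wraps the same kind of `openssl s_client -status` check the post describes and classifies the result, so that a TCP-level failure (the `connect:errno=110` timeout seen above, where the handshake never happens and stapling cannot be evaluated) is reported separately from a handshake that succeeded but carried no stapled response. The `classify_stapling` and `check_stapling` function names, the `-servername` option (sent so a name-based virtual host behind a load balancer selects the right certificate) and the sample outputs are constructed for this example; the sample strings mimic openssl's output format and are not captures from the poster's servers.

```shell
#!/bin/sh
# Added example (not from the original post): classify the result of an
# OCSP stapling probe made with `openssl s_client -status`.

# classify_stapling OUTPUT
# Takes captured openssl s_client output and prints one verdict word:
#   connect-failed  TCP connect failed; nothing above layer 4 was tested
#   stapled         a stapled OCSP response was returned by the server
#   not-stapled     TLS handshake completed but no OCSP response was sent
#   unknown         none of the known markers were found
classify_stapling() {
  case "$1" in
    # errno=110 is ETIMEDOUT on Linux; any connect error means the
    # load balancer / firewall path failed before TLS was attempted.
    *"connect:errno="*)                    echo "connect-failed" ;;
    *"OCSP Response Status: successful"*)  echo "stapled" ;;
    *"OCSP response: no response sent"*)   echo "not-stapled" ;;
    *)                                     echo "unknown" ;;
  esac
}

# check_stapling HOST [PORT]
# Live probe (needs network access and the openssl CLI). The 'Q' on stdin
# closes the session as soon as the handshake output has been printed.
check_stapling() {
  host=$1
  port=${2:-443}
  out=$(printf 'Q\n' | openssl s_client -connect "$host:$port" \
          -servername "$host" -status 2>&1)
  classify_stapling "$out"
}

# Constructed sample outputs (not real captures) so the classifier can be
# exercised offline.
SAMPLE_STAPLED='CONNECTED(00000003)
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response'

SAMPLE_NONE='CONNECTED(00000003)
OCSP response: no response sent'

SAMPLE_TIMEOUT='Socket: Connection timed out
connect:errno=110'

# Stand-alone demonstration: run the classifier over the three samples.
if [ "${1:-}" = "demo" ]; then
  for s in "$SAMPLE_STAPLED" "$SAMPLE_NONE" "$SAMPLE_TIMEOUT"; do
    classify_stapling "$s"
  done
fi
```

Run `sh probe.sh demo` to see the three verdicts, or `check_stapling mydomain.com` against a live host. A `connect-failed` verdict is the signal that the problem is in the LVS/NAT path rather than in the nginx stapling configuration, since stapling is negotiated inside the TLS handshake and cannot be tested until the TCP connection itself succeeds.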
