Hello! On Fri, Dec 04, 2015 at 05:40:02PM -0500, agruener wrote:
> OCSP is not working on my raspberrypi2 with nginx 1.9.7 and OpenSSL 1.0.2e. > I have compiled both together. > > tail /var/log/nginx/error.log > > 2015/12/04 22:28:21 [error] 14841#0: OCSP response not successful (1: > malformedrequest) while requesting certificate status, responder: > ocsp.startssl.com > 2015/12/04 22:28:29 [error] 14841#0: OCSP response not successful (1: > malformedrequest) while requesting certificate status, responder: > ocsp.startssl.com > 2015/12/04 22:28:30 [error] 14842#0: OCSP response not successful (1: > malformedrequest) while requesting certificate status, responder: > ocsp.startssl.com The message means that an OCSP request was successfully sent, but OCSP responder returned an error. This may be either due to OCSP response being indeed incorrect for some reason, or due to a problem on OCSP responder side. You may try the following: - check if OCSP requests from other clients (e.g., browsers) work; note that openssl's OCSP client will likely fail out of the box; - check if the same error occurs on x86 hosts for the same certificate or not; - try tcpdump'ing traffic between nginx and the OCSP responder to see what happens on the wire. -- Maxim Dounin http://nginx.org/ _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
