
Note: for nginx there is https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_... which needs to be pointed to a PEM-encoded file with the CRL list (list of revoked certs).

So no API-based configuration, like OCSP stapling, that just works. I can probably try to configure this with a cronjob/systemd timer, but this is significantly less ergonomic.




You were previously using OCSP stapling for your server cert. The CRLs containing your server cert have nothing to do with your server. The server config you have found is for nginx to verify client certs.



