OCSP Stapling - How do I get this file?

I’m trying to set up NGINX and I stumbled upon these settings:

ssl_stapling
ssl_stapling_verify
ssl_trusted_certificate

I’ve turned the two first to “on”.
But for the “ssl_trusted_certificate” it asks for a file.
Where and how do I get it in Cloudflare? I assume it’s a .pem file?

It’s not the same as my Origin Server certificate file, is it?
Because that one I entered here (and the private key):

ssl_certificate /etc/ssl/.pem;
ssl_certificate_key /etc/ssl/.key;

And my Diffie-Hellman file is here:
ssl_dhparam /etc/ssl/certs/dhparam.pem;

So where do I get this “OCSP” file?

There isn’t a point with OSCP stapling with an origin certificate because it isn’t signed by a valid public certificate authority.

Oh okay, so I should just disable this in my NGINX config?

Disable OCSP stapling due to Origin Certificate

ssl_stapling off;
ssl_stapling_verify off;

Personally, I just have it omitted from my config, as it defaults to off.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.