Skip to content

Instantly share code, notes, and snippets.

@denji

denji/OCSP-generate.sh

Last active February 23, 2018 06:12
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save denji/8359192 to your computer and use it in GitHub Desktop.
Save denji/8359192 to your computer and use it in GitHub Desktop.
Download ZIP
Priming the OCSP cache in Nginx
Raw
OCSP-generate.sh
#!/bin/sh
ISSUER_CER=$1
SERVER_CER=$2
URL=$(openssl x509 -noout -ocsp_uri -in "$SERVER_CER")
openssl ocsp -noverify -no_nonce -respout ocsp.resp -issuer "$ISSUER_CER" -cert "$SERVER_CER" -url "$URL"
# Where "ocsp.resp" is whatever file you have configured in Nginx for the "ssl_stapling_file".
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment