OK, I have this now:
ssl_certificate /unified.crt; (example.com.crt + intermediate.crt)
ssl_trusted_certificate /trusted.crt; (root.pem + intermediate.crt).
openssl s_client -connect phcorner.net:443 -status -tls1_2 | grep OCSP
Code:
# openssl s_client -connect phcorner.net:443 -status -tls1_2 | grep OCSP
depth=1 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Class 1 Primary Intermediate Server CA
verify error:num=20:unable to get local issuer certificate
verify return:0
OCSP response:
OCSP Response Data:
OCSP Response Status: successful (0x0)
Response Type: Basic OCSP Response
Responder Id: C = IL, O = StartCom Ltd. (Start Commercial Limited), CN = StartCom Class 1 Server OCSP Signer
Subject: C=IL, O=StartCom Ltd. (Start Commercial Limited), CN=StartCom Class 1 Server OCSP Signer
OCSP Signing, OCSP No Check