服务器 Gind.cn
  1. 服务器 Gind.cn
  3. OCSP响应者在请求证书状态时超时
Intereting Posts
清漆和SSL – 高请求时间 Pure-FTPD chroot无法在新的Debian上安装? 我可以将两个宽带互联网连接合并为一个吗? NetWare到SLES Apache别名 如何监视Windows主机通过SNMPnetworking带宽? tmpfs在重新启动时更改大小 活动目录和子域名 限制使用IPTABLES的用户Linuxlogin 这个“安全漏洞查找器”应用程序的名称是什么? 这个bash shell别名在哪里configuration? SUPERMICRO MBD-X7SBE上的板载RAID-1或软件RAID Asterisk重用? 在MySQL复制放缓之后,新旧数据是否可能被旧的覆盖? 预定的邮件在asp.net 通过组策略卸载Office 2007后部署Office 2010 如何推迟上游MTA难以反弹的邮件

OCSP响应者在请求证书状态时超时

我在我的nginx错误日志中间歇性地看到如下的错误:

OCSP responder timed out (110: Connection timed out) while requesting certificate status, responder: ocsp.comodoca.com

我需要做些什么来解决这些问题?

我觉得在comodoca.com的服务器是可靠的,所以这可能是一些其他的configuration错误? 我正在使用来自第三方CA的公共证书。 我在这里

我附上我的nginx conf如下: 

 server { server_name example.com; listen 443 ssl; ssl_certificate /etc/nginx/ssl/cert_chain.crt; ssl_certificate_key /etc/nginx/ssl/server.key; ssl_session_timeout 1d; ssl_session_cache shared:SSL:1250m; ssl_dhparam /etc/ssl/certs/dhparam.pem; ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP'; # OCSP Stapling --- ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /etc/nginx/ssl/example_com.ca-bundle; add_header Strict-Transport-Security "max-age=2592000; includeSubDomains; preload"; add_header X-Frame-Options SAMEORIGIN; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; charset utf-8; underscores_in_headers on; limit_conn conn_limit_per_ip 10; limit_req zone=req_limit_per_ip burst=20; # write error log file for https errors: error_log /var/log/nginx/https-error_log warn; location ~* \.(?:ico|css|js|gif|jpe?g|png)$ { root /home/user/folder/myapp; access_log off; expires 30d; add_header Pragma public; add_header Cache-Control "public, must-revalidate, proxy-revalidate"; } . . . }