Alan Orth 6ccfdb99fa roles/nginx: Enable OCSP stapling ... Reduces round trip time for clients. Note: I am using a certificate chain in the `ssl_certificate' directive, so as I understand it, I don't need to use an explicit trusted intermediate + root CA cert with the `ssl_trusted_certificate' option. See the nginx docs for more[0]. Addresses GitHub Issue #5. Seems to be working, test with: $ openssl s_client -connect mjanja.ch:443 -servername mjanja.ch -tls1 -tlsextdebug -status Look for "OCSP Response" with "Cert Status: good". [0] http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling Signed-off-by: Alan Orth <alan.orth@gmail.com>		2014-12-06 23:28:05 +03:00
..
defaults	Downgrade TLS configuration to Mozilla's "intermediate" spec	2014-10-09 21:09:18 +03:00
files	roles/nginx: Add index to munin vhost	2014-10-05 15:47:14 +03:00
handlers	Initial commit	2014-08-17 00:35:57 +03:00
tasks	roles/nginx: Set nginx state to 'latest' in apt	2014-12-02 18:48:11 +03:00
templates	roles/nginx: Enable OCSP stapling	2014-12-06 23:28:05 +03:00