0
0
Nginxdevops~20 mins

OCSP stapling in Nginx - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
OCSP Stapling Mastery
Get all challenges correct to earn this badge!
Test your skills under time pressure!
💻 Command Output
intermediate
1:30remaining
OCSP Stapling Status Check
You run the command openssl s_client -connect example.com:443 -status to check OCSP stapling on a server. What output indicates that OCSP stapling is working correctly?
AOCSP response: Response verify OK
BOCSP response: no response sent
COCSP response: error parsing response
DOCSP response: response expired
Attempts:
2 left
💡 Hint
Look for a message that confirms the OCSP response is valid and verified.
Configuration
intermediate
2:00remaining
Enable OCSP Stapling in Nginx
Which Nginx configuration snippet correctly enables OCSP stapling for a server block?
A
ssl_stapling on;
resolver 127.0.0.1;
ssl_stapling_verify off;
B
ssl_ocsp on;
ssl_ocsp_verify on;
C
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
D
ssl_stapling off;
ssl_stapling_verify off;
Attempts:
2 left
💡 Hint
You need to enable stapling and verification, and specify a valid resolver.
Troubleshoot
advanced
1:30remaining
Troubleshooting OCSP Stapling Failures
After enabling OCSP stapling, your Nginx error log shows: no responder URL in OCSP response. What is the most likely cause?
AThe SSL certificate does not include an OCSP responder URL.
BThe resolver IP addresses are unreachable.
CThe SSL certificate is expired.
DThe server block is missing the 'ssl on;' directive.
Attempts:
2 left
💡 Hint
Think about what the OCSP response needs to include to be valid.
🔀 Workflow
advanced
2:00remaining
OCSP Stapling Renewal Workflow
Which sequence correctly describes the steps Nginx follows to maintain OCSP stapling during operation?
A2,1,3,4
B1,3,2,4
C1,2,4,3
D1,2,3,4
Attempts:
2 left
💡 Hint
Think about fetching, caching, serving, then renewing the OCSP response.
Best Practice
expert
2:00remaining
Best Practice for OCSP Stapling Resolver Configuration
Which resolver configuration is best practice for OCSP stapling in Nginx to ensure reliability and security?
Aresolver 0.0.0.0 valid=300s; resolver_timeout 5s;
Bresolver 8.8.8.8 8.8.4.4 valid=300s; resolver_timeout 5s;
Cresolver 127.0.0.1 valid=300s; resolver_timeout 5s;
Dresolver 192.168.1.1 valid=300s; resolver_timeout 5s;
Attempts:
2 left
💡 Hint
Use public, reliable DNS servers for OCSP resolver settings.