The Heartbleed bug triggered a review of the configuration of my own web server. As a result I discovered that I had my Online Certificate Status Protocol (OCSP) stapling configured wrong. In this article I will briefly explain OCSP and OCSP stapling, what I had done wrong and what is a—as far as I know now—right way to implement OCSP stapling in Nginx.
Since April 2012 we are using Whiskers to store information about our Plone and Django buildouts. But when I moved the setup behind SSL, the browser started to complain about unsafe content.