# OCSP stapling...
ssl_stapling on;
ssl_stapling_verify on;
#trusted cert must be made up of your intermediate certificate followed by root certificate
#ssl_trusted_certificate /path/to/ca.crt;
resolver valid=60s;
resolver_timeout 2s;