Aug 04, 2017
OCSP Cache
Hello all
We need to implement an OCSP authentication profile on our LTM system to verify the revocation status of client certificates.
Does anyone know if it's possible for the LTM to cach...
Hi,
You can change the caching options in the OCSP stapling profile. Please have a look at the following article, by Jason Rahm: https://devcentral.f5.com/articles/configuring-ocsp-stapling-on-big-ip
Morten
Hi Morten
Thanks for your quick response. We don't want to do OCSP stapling. Our situation is that we have a VS to which the client connects. We've applied a Client SSL Profile to terminate the TLS. We also have Client Authentication turned on so the LTM sends a certificate request. We then need to check the revocation of the client's certificate using OCSP. We have configured an OCSP authentication profile, see:
...the client has asked if the LTM can cache the OCSP response from the Responder so the LTM does not need to send an OCSP request for the same client every time they make a request.
Thanks.
Ah, I missed the part about client certificates. Sorry, but I don't know if what you want can be done.
Regards, Morten
No problem Morten. I'm also scratching my head.