APM : Machine Cert issuer value and OCSP responder

Question

Hello all,
We're using OCSP responder in an APM policy after a Machine Cert Auth.
The "session.check_machinecert.last.cert.issuer.cert" variable is not populated by the Machinne Cert Auth.
So we have to assign the variable with the cert issuer value ...
That's working, for sure, but :
- when the CA cert change we have to change it in each oh the APM branchs
- We have two differents CA authorities, so to separage assign with the different values, etc ...&nbsp;
No way to make it easier ?
Have a good day&nbsp;

stanislas_piro2 · Answer

you can create at the beginning of the VPE one variable:
session.custom.issuer.cert

with the CA cert.
Then after Machine Cert box, create a variable assign with
session.check_machinecert.last.cert.issuer.cert == Variable session.custom.issuer.cert

when the CA changes, change only the first value.

letendart · Answer

Salut à tous,&nbsp;
Stanislas gave me a first tip but my problem is more complex, let me explain more :
- I have to check computer certs in multiple access profiles
- In each of them I must check that the cert issuer is from CA1 or CA2 ...
- I also have to save the CA cert issuer for the OCSP check ...
As you may see in the attached screenshot it's getting not easy to manage and really bad optimization.&nbsp;
&nbsp;
Bonne journèe&nbsp;

Forum Discussion

APM : Machine Cert issuer value and OCSP responder

Recent Discussions

AS3 Limitations

Diameter iRules attachment?

Help needed with iRule (connection closed log )

Use of SSL Decryption.

VLAN Failsafe Functionality

Related Content

NGINX Virtual Machine Building with cloud-init

F5 BIG-IP Access Policy Manager (APM) Machine Tunnels for Windows

APM SAML IdP - SP Issuer Extraction

Ubuntu Virtual Machine for NGINX Microservices March 2022 Labs

Zero Trust building blocks - Machine Identity Management (MIM) and Workload Protection

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS