For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Phl_72583's avatar
Phl_72583
Icon for Nimbostratus rankNimbostratus
Sep 24, 2008

Bypass OCSP for certain hosts

Hi all,     Disclaimer: An F5 novice throwing up a Hail Mary.     I have a client certificate used by an external entity - over which I have no control - that will not pass an OC...
application delivery
dev
devops
iRules
Phl_72583's avatar
Phl_72583
Icon for Nimbostratus rankNimbostratus
Oct 15, 2008
Thanks for the response. I intended to follow up but this fell through the cracks as it turned into a dead issue.

 

 

You are correct that we did require client certificates and I had initially considered your suggestion. However, we needed the cert to come through the handshake so that we could then extract the identity of the user. So this was a backwards situation really - needing to use OCSP with the exception of one bad certificate that shouldn't pass anyway.

 

 

It was a band-aid attempt. We finally found someone to take care of the cert and all was well.

 

Thanks.