For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

mikegray_198028's avatar
mikegray_198028
Icon for Cirrus rankCirrus
Oct 11, 2016

client authentication certificate with ocsp

Hello,   could you please help me to configure client authentication using ocsp.   we have dedicated CA with OCSP responder. we need to authenticate connection to vip using client authentica...
application delivery
LTM
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Oct 11, 2016

Client certificate OCSP and OCSP stapling are two different things.

 

OCSP stapling is a function that allows the client SSL profile to prefetch revocation status of its own certificate and send that information to a client that supports the STATUS_REQUEST TLS extension.

 

Client certificate OCSP revocation checking is a separate function that allows the BIG-IP to validate the status of a client's certificate. This can be done in an LTM authentication profile, but that feature has been mostly deprecated in favor of APM OCSP.