Electronic ID - user authentication with OCSP
I have a problem regarding my BIG-IP ASM installation. We have an application that requests a certificate to log in.
This is an Electronic Identity that is issued by our government. The current setup is:
- Made an OCSP listener to the correct IP / URL
- Made an authentication configuration (Local traffic --> profiles) with the above OCSP listener in it
- Made an authentication profile with the above configuration and ssl_ocsp as profile
- Uploaded the Root CA from
- Applied an SSL client profile with a correct SSL certificate and client authentication enabled, with the following options:
  - Client certificate: request
  - Certificate chain traversal depth: 10
  - Advertised certificate authorities: Root CA
- Apply the authentication profile to the virtual server
When I go to that site I get a popup to enter the PIN code for my e-ID and send my citizen certificate. But nothing happens; the only message I get is "page can't be displayed". Also, when I run a tcpdump on the OCSP responder IP, no traffic is generated when I send my certificate.
Could someone help me with this issue? As mentioned in the manual, this should be the correct way to implement an authentication profile with OCSP. The other problem is that I'm not sure about the Root CA, because if I go to the official website I see a new crt file for every month plus the Root CA. Is there a way to bundle them and apply these on an authentication profile?
Thanks in advance!