Forum Discussion

Nimbostratus

Aug 22, 2011

Electronic ID - user authentication with ocsp

All, I have a problem regarding my BIG IP ASM installation. We have an application that is requesting a certificate to login. This is an Electonic Identity that is issued by our g...

config

design

hooleylist

Cirrostratus

Aug 22, 2011

Hi Jeroen,

Which LTM version are you testing with? Are you enforcing a client cert with OCSP checking for all URIs or selectively? If you remove the OCSP portion of the config does the client cert validation work?

I tested an OCSP iRule for selective cert requesting by URI on v9.4.8:

http://devcentral.f5.com/wiki/iRules.client_cert_request_by_uri_with_ocsp_checking.ashx

You could either use that as an example to add debug logging for your iRule or update it for 10.x to make it CMP compatible.

Aaron

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Electronic ID - user authentication with ocsp

Recent Discussions

F5 to read a combined CRL file

how to whitelist new source IP on F5 web UI access

Upgrade F5 BIGIP

ISP Load Balancing, SNAT pool instead of Automap link self-ip, anyway to do health check ?

MAC address of deleted VS IP address still responsive

Related Content

Creating local users when using Remote Authentication and unavailable login

Remote User Authentication (e.g. F5 admins) using Azure Active Directory

Re: Configuring Smart Card Authentication to the BIG-IP Traffic Management User Interface (TMUI) usi

AD Authentication using multiple user attributes

Update your DevCentral user profile

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS