Forum Discussion

Fabrizio_Gerard's avatar
Icon for Nimbostratus rankNimbostratus
Mar 01, 2011

Inserting Client Certificate into OCSP Request




Is it possible to insert client certificate into ocsp authentication request sent by ltm to the responder?


I know this request is actually a http post so maybe the certificate could be inserted as a http header.



But couldn't find any informations about that...


3 Replies

  • Hi Fabrizio,



    What are you trying to do?



    I think you can check the option for 'Allow Certificates' in the OCSP Responder profile to have LTM insert the cert in the OCSP request:



    Creating an OCSP responder object




    Allow Certificates - Allows the addition of certificates to an OCSP request.



  • Hi,



    thank you for your reply.



    Actually, we are using Bigip version 9.3.1 but in the responder profile there is the option "Allow certificates" as well.


    I traced the ocsp request sent from bigip but I couldn't see any certificate inside the post.


    We are tryng to pass the client certificate to the responder so that a validation authority could extract some info from certificates such as CRL distribution point and so on.



    Now, we are planning to upgrade to 10.x during next months but, still, in version 9.3.1 the option "Allow certificates" doesn't seem to work as expected.



    Any ideas?


  • Hi Fabrizio,



    I've tested OCSP validation in 9.4.8 and 10.1, but not for sending the cert. You could open a case with F5 Support to look into this.



    Be aware that 9.3 is going out of support on 12 Mar. So it would be a good idea to upgrade soon.



    sol5903: BIG-IP software support policy