Load Balancing OCSP Responder Pool

Question

I am trying to determine a valid http get command to implement as a health monitor for load balancing 2 Windows 2012 OCSP Responders. I am using fiddler to generate http (get http://ocspresponder/ocsp/ee/ocsp) requests though even when I stop the responder service I still get a 200. The reason I am trying to make this work is that OCSP and CRL will be installed on the same server though the preference is OCSP. In the event OCSP fails, I want the virtual server to fail and then attempt CRL. There are 2 seperate NIC's (one for OCSP and one for CRL) so I have created 2 different virtual servers which are both listening on 80. Also, I am not using OCSP or CRL profiles as many applications that require certificate validation are not load balanced by the Big IP. Any feedback is appreciated. Thank you in advance!

david_holmes_9 · Accepted Answer

I believe an OCSP GET request has to be real (or real-looking). For example, here is how to build an OCSP request for redhat's OCSP.&nbsp;
How to Build OCSP Request - RedHat&nbsp;
Hopefully there would be a similar tool for Windows.&nbsp;
You could also capture a real OCSP request from a browser and then replay that as the monitor request.&nbsp;

Forum Discussion

Load Balancing OCSP Responder Pool

Recent Discussions

DEVICE-0202 Error while adding rSeries as a provider in CM

BigIP LTM update from v16 to v17

Foot Trooper Beneficios

Troubleshooting SSL Connections

Reclaim disk space for BIG-IP tenants running on rSeries systems

Related Content

Active/Active load balancing examples with F5 BIG-IP and Azure load balancer

Load Balancing TCP TLS Encrypted Syslog Messages

Transparent load balancing in Azure, Part 2

NGINXaaS for Azure: Load Balancing

Load Balancing Omnissa Unified Access Gateway with BIG-IP LTM

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS