For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Johnny_Test_197's avatar
Johnny_Test_197
Icon for Nimbostratus rankNimbostratus
Aug 24, 2015

Monitor that uses openssl for OCSP

I'm looking to create a probe that can ascertain if our OSCP nodes are processing requests properly, instead of a standard TCP probe. I was hoping to use something similar to this "openssl ocsp -url...
application delivery
design
LTM
monitor
Johnny_Test_197's avatar
Johnny_Test_197
Icon for Nimbostratus rankNimbostratus
Aug 25, 2015

Thanks for both answers, I had essentially each component you have in the above script except I used a few more variables for the openssl command like this:

 

openssl ocsp -url http://$IP:$PORT -issuer $CERTFILE -no_cert_verify -resp_text -serial $SERIAL | grep $QUERYSTRING | cut -d " " -f2 > /dev/null

 

where $QUERYSTRING was "$SERIAL: " since I only want to test if the OSCP responder is processing requests, I don't really care if the response is "good" or "unknown" as long as it's a non error response. Both responses were helpful but I gave credit to Kevin since he spent more time on a full explanation.