Forum Discussion
hooleylist
Jan 17, 2012 (Cirrostratus)
The purpose of OCSP is to verify the client's SSL certificate is valid. In order to process a client certificate on LTM, you need to use a client SSL profile. To check it against an OCSP server, you'll need an advanced client authentication (ACA) addon license. Do you have this license already? If not, you can check with your F5 or partner account manager for a quote.
Once you have the license, you can use an OCSP profile to validate the client cert. The OCSP responder can be on a TMM interface on an "internal" or "external" VLAN. There's no functional difference between the two from TMM's perspective. The OCSP call is done over HTTP, but the client to LTM virtual server traffic is via SSL.
Aaron