Forum Discussion
OCSP: Bad Request
- Apr 01, 2018
Very different POST requests... and this definitively nailed the problem.
From my browser, the tbsRequest has the reqCert with issuerNameHash, issuerKeyHash and serialNumber for the certificate.
From the F5, apart of the reqCert, the tbsRequest also sends a requestorName of type directoryName, and sends a copy of the certificate defined under OCSP > Request signing as optionalSignature.
However this OCSP does not requires (or expects) to sign anything, and by taking it away, SSL certificate status went green instantly. And the OCSP response now contains the OCSP Response Status: successfull as it should.
Seems there was one combination I didn't tried... Thanks for the hint, it was spot on.
Very different POST requests... and this definitively nailed the problem.
From my browser, the tbsRequest has the reqCert with issuerNameHash, issuerKeyHash and serialNumber for the certificate.
From the F5, apart of the reqCert, the tbsRequest also sends a requestorName of type directoryName, and sends a copy of the certificate defined under OCSP > Request signing as optionalSignature.
However this OCSP does not requires (or expects) to sign anything, and by taking it away, SSL certificate status went green instantly. And the OCSP response now contains the OCSP Response Status: successfull as it should.
Seems there was one combination I didn't tried... Thanks for the hint, it was spot on.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com