Forum Discussion
bigipjr28_13978
Oct 14, 2014Nimbostratus
OCSP health monitor
Hey Guys,
Sort of in a time crunch. I am looking for a way to create a health monitor the would monitor OCSP request instead of http/https. I've seen/read somewhere on the forums that is could b...
Ian_Mahuron_383
Historic F5 Account
Try 'openssl ocsp' (man ocsp). This is a full-fledged OCSP validator and responder. Once you get it working from the command line, adapt the commands for use as an external monitor. Keep in mind that external monitors are expensive (they fork new processes) and should be used sparingly.
bigipjr28_13978
Nov 05, 2014Nimbostratus
Thanks again. As of now to two ocsp nodes are on the gtm as a server object. With a wideip name that has the pool of nodes on the gtm. Would this work on the gtm ? I upload the the certs that are being used against the argurments as well as the external monitor.
Here is what my external script looks like on the GTM:
!/bin/bash
cmd for ocsp responder
openssl ocsp -url http://ocsp.staging.com -VAfile prodsigner.pem -issuer cetmanager.pem -cert good.pem Response verify OK
exit 0
Thanks again
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects