OCSP redirect??

Question

Hi,&nbsp;
&nbsp;I was wondering if anyone else was doing the same or had a solution to the following.&nbsp;
&nbsp;I am doing client and server side SSL and checking user Certs for revocation status of an OCSP responder. The thing that we are seeing is that if a user has a revoked Cert the LTM just drops the connection. Is there a way to capture the response from the OCSP responder and redirect the users to a sorry page? Or send them a message regarding their Cert status?&nbsp;
&nbsp;-Todd&nbsp;

jrahm · Answer

Please check out the Kevin Stewart's iRules 2006 2nd place entry:&nbsp;
&nbsp;http://devcentral.f5.com/Default.aspx?tabid=108&nbsp;Click here&nbsp;&nbsp;

todd_roberts_93 · Answer

Thanks for the reply....&nbsp;
&nbsp;I have tried Kevin Stewart’s iRule and every time we hit the VIP for testing it failed the F5 over to the stand by unit. Any ideas? Or maybe a simpler iRule you might know of?&nbsp;
&nbsp;-Todd&nbsp;

jrahm · Answer

That's not so good.  I'd check your logs and also check /var/core to see if you are getting a TMM panic, the OS version you're on might have a bug.  If that's the case, open a support case.&nbsp;
&nbsp;Perhaps Kevin can lend an insightful hand, as well as his OS version??

Forum Discussion

OCSP redirect??

3 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

OWA File Upload URIs for WAF Bypass

F5 AWAF/ASM learning only from Trusted traffic?

irule execution error

Curl 7.10.5 < 8.12.0 Integer Overflow (CVE-2025-0725)

Show or List F5 XC Routes in the Web

Related Content

F5 HTTPS Redirect 2025

Configuring OCSP Stapling on BIG-IP

Building an OpenSSL Certificate Authority - Configuring CRL and OCSP

OCSP Responder

OCSP through an outbound explicit proxy

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS