OCSP redirect??

Question

Hi,&nbsp;
&nbsp;I was wondering if anyone else was doing the same or had a solution to the following.&nbsp;
&nbsp;I am doing client and server side SSL and checking user Certs for revocation status of an OCSP responder. The thing that we are seeing is that if a user has a revoked Cert the LTM just drops the connection. Is there a way to capture the response from the OCSP responder and redirect the users to a sorry page? Or send them a message regarding their Cert status?&nbsp;
&nbsp;-Todd&nbsp;

jrahm · Answer

Please check out the Kevin Stewart's iRules 2006 2nd place entry:&nbsp;
&nbsp;http://devcentral.f5.com/Default.aspx?tabid=108&nbsp;Click here&nbsp;&nbsp;

todd_roberts_93 · Answer

Thanks for the reply....&nbsp;
&nbsp;I have tried Kevin Stewart’s iRule and every time we hit the VIP for testing it failed the F5 over to the stand by unit. Any ideas? Or maybe a simpler iRule you might know of?&nbsp;
&nbsp;-Todd&nbsp;

jrahm · Answer

That's not so good.  I'd check your logs and also check /var/core to see if you are getting a TMM panic, the OS version you're on might have a bug.  If that's the case, open a support case.&nbsp;
&nbsp;Perhaps Kevin can lend an insightful hand, as well as his OS version??

Forum Discussion

OCSP redirect??

3 Replies

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

Cannot ping external interface

Requirement for BIG-IQ VM Deployment in AWS

How can k8s CIS CRD VirtualServer reference existing APM Access profile?

F5 breaking Exchange authentication

Can't change sync type or failover after tenant upgrade.

Related Content

F5 HTTPS Redirect 2025

Configuring OCSP Stapling on BIG-IP

Building an OpenSSL Certificate Authority - Configuring CRL and OCSP

OCSP Responder

OCSP through an outbound explicit proxy

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS