OCSP redirect??

Question

Hi,&nbsp;
&nbsp;I was wondering if anyone else was doing the same or had a solution to the following.&nbsp;
&nbsp;I am doing client and server side SSL and checking user Certs for revocation status of an OCSP responder. The thing that we are seeing is that if a user has a revoked Cert the LTM just drops the connection. Is there a way to capture the response from the OCSP responder and redirect the users to a sorry page? Or send them a message regarding their Cert status?&nbsp;
&nbsp;-Todd&nbsp;

jrahm · Answer

Please check out the Kevin Stewart's iRules 2006 2nd place entry:&nbsp;
&nbsp;http://devcentral.f5.com/Default.aspx?tabid=108&nbsp;Click here&nbsp;&nbsp;

todd_roberts_93 · Answer

Thanks for the reply....&nbsp;
&nbsp;I have tried Kevin Stewart’s iRule and every time we hit the VIP for testing it failed the F5 over to the stand by unit. Any ideas? Or maybe a simpler iRule you might know of?&nbsp;
&nbsp;-Todd&nbsp;

jrahm · Answer

That's not so good.  I'd check your logs and also check /var/core to see if you are getting a TMM panic, the OS version you're on might have a bug.  If that's the case, open a support case.&nbsp;
&nbsp;Perhaps Kevin can lend an insightful hand, as well as his OS version??

Forum Discussion

OCSP redirect??

Recent Discussions

NetScaler to F5 Migration

LTM Rule, iRule, or Brute Force Configuration to Limit URL Access

Application only need to access from 2 uris

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

AS3 Limitations

Related Content

Configuring OCSP Stapling on BIG-IP

Building an OpenSSL Certificate Authority - Configuring CRL and OCSP

OCSP Responder

OCSP through an outbound explicit proxy

OCSP: Bad Request

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS