OCSP responder configuration question

Hi there,

 

I am having some problem to use the default OCSP server URL which is contained in the AIA field of the certificate.

 

In the OCSP responder form, I leave the "URL" field empty, and uncheck "Ignore AIA" field. At run time the AUTH:status returns 1 (failure) in no time. By monitoring the network traffic, I can't see any OCSP request coming out.

 

After I copy the URL from AIA to the "URL" field and update the system, the communication starts to happen, regardless the "Ignore AIA" checkbox checked or not.

 

Apart from the above two fields, I have some common settings including "cert auth file", "cert auth path", "signer" & "signing key". All works fine as long as I provide a explicit url.

 

Not sure whether the url is mandatory, or there is something else goes wrong.

 

Another question is that whether it is possible to include the AIA section in the OCSP request, as a request extension. From the iRule doc there doesn't seem to be a way to specify explicitly.