OCSP responder profile with client cert set to "request", for multiple CAs
Environment: LTM 11.5.2, APM available but I think N/A for this.
Just a quick check of my understanding of something ...
If an OCSP responder profile's URL field is empty, and "Ignore AIA" is not checked, then the URL from the AIA will be used to reach the OCSP service, correct?
Can I assume this works cleanly if "request" is set in the client SSL profile - that is, if a user doesn't provide a client certificate, this won't err out?
Finally, if a cert's AIA doesn't have an OCSP service, only a URL to a CRL ... how should that certificate be validated? If a CRLDP profile is also attached to the virtual server, will it recognize that situation and use the CRLDP profile instead? Or is there a recognized solution for handling such a mix of incoming client certificates? How about if there's no CRLDP, but only a URL to a CRL file? Can that situation be automagically handled?
Thanks!