Forum Discussion

f5mkuDefault's avatar
Dec 07, 2020

OCSP Responder

Hi guys, I just wanted to know if anyone of you here had already setup an ocsp responder? We have this setup but not really sure if I am doing it correctly. So the setup goes like this.   Our AD...
  • f5mkuDefault's avatar
    f5mkuDefault
    Dec 09, 2020

    Hi Lidev, thanks for responding...This is actually how I configured but I am not too sure if this is correct, however from the packet capture now I can see ocsp request and ocsp response already, I see we are hitting the remote ocsp. We don't want to use stapling but rather remote ocsp authentication but I am not too sure if I should enable the client authentication.

     

    Would you be able to advise below if all are correct or if anything i missed?

     

    1. I created the "ocsp responder", this is where i put the "ocsp responder url".
    2. I created "ocsp configuration" and attached the "ocsp responder"
    3. I created "ocsp profile" and attached the "ocsp configuration"
    4. On the "application virtual server" I attached the "ocsp profile" under the "Authentication profile"
    5. On the "ssl client profile" of the application virtual server I have enabled the "client authentication", change "client certificate" from ignore to require and then apply the ca certificate under the trusted certificate authorities.

     

    Test result:

    1. The moment user launch the url the browser prompt to select the certificate
    2. Select and click OK but page error

     

    From the dump:

    I see ocsp request and ocsp response and the status of ocsp response is "unaothorized".

    From this point I can tell something wrong with the remote ocsp, however I want to know if my configuration are all correct.

     

    Please, kindly advise. Thanks a lot.