For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

justin_westover's avatar
justin_westover
Icon for Nimbostratus rankNimbostratus
Sep 08, 2016

OCSP Responders and Configuration Profiles

We're performing client mutual authentication on a few of our sites and we want to verify that the cert being presented by the client hasn't been revoked. We're using OCSP profiles to do this but we'...
application delivery
BIG-IP
LTM
security
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Sep 09, 2016

In APM, client side authentication objects are typically called "AAA agents". You'll see in the Access menu, under AAA, several client side auth types, including OCSP. In this case you'd create a separate OCSP AAA agent for each CA. Then in the visual policy, after you've collected the client cert, add an Empty agent and apply logic in the branch rules to switch between the OCSP Auth agents based on the issuer of the client's cert.