OCSP revocated CA

Question

Hello all,we configured an APM policy that perform OCSP Auth for client certs whom is working great.Now we would like to add a new piece and verify even if the Intermediate CA, that signed the client certs, has being revoked.is it possible to do this using only APM or other LTM function that doesn't involve the OCSP Stapling?we tried with OCSP stapling but it didn't working properly and is not scalable, so we wonder if there are alternatives.thank you&nbsp;

leslie_hubertus · Answer

Hi&nbsp;Satoshino&nbsp; - I see that nobody has come by to answer this yet. I think my colleague&nbsp;Lucas_Thompson&nbsp;may be able to help, though.&nbsp;

lucas_thompson · Answer

Hi Satoshino,&nbsp;
You present an interesting problem, it sounds like you're trying to ignore the certificate trust chain? Could you explain further how you'd like to do it? I don't exactly understand how you'd correctly validate trust when one member of the trust chain is invalid.
An APM policy for OCSP will query the CA for OCSP status.

Forum Discussion

OCSP revocated CA

Recent Discussions

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Switch ssl profile based on weak cipher detection via IRULE

full-proxy HTTP2

Decode ObjectSID from Base64-encode string

Related Content

Revocation Status in HTTP Request Header

Building an OpenSSL Certificate Authority - Configuring CRL and OCSP

Configuring OCSP Stapling on BIG-IP

Creating, Importing and Assigning a CA Certificate Bundle

BIG-IP VE license revocation/reuse

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS