Forum Discussion

Nimbostratus

Oct 03, 2018

[OCSP Stapling] Globalsign configuration

Hi everyone, My objective is simple : I want to set OCSP Stappling configuration on my HTTPS VIP. For that, I follow this article For information, Globalsign is my SSL provider and I have wildcar...

Employee

Oct 09, 2018

You can use ssldump to determine if stapling is actually happening.

ssldump -AdNn -i [client side VLAN] port 443 [and any other filters]

You'll see the status_request message in the Client Hello, and if the server supports it, a stapled response in Certificate Status. And compare this to a known-good stapling site like https://www.bing.com.

If you do see stapling transactions, it could be that Firefox (or SSLLabs) doesn't specifically trust the signer of your stapled response.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

[OCSP Stapling] Globalsign configuration

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

[ASM] - How to disable the SQL injection attack signatures

[ASM] : SQL-INJ "end-quote UNION" - How to allow this signature to specific url/uri/parameter only

Changes to DO and AS3 GitHub - no longer monitored

[ASM] : "Request length exceeds defined buffer size " - How to increase the limit ?

Help with SSH Virtual Server

Related Content

Configuring OCSP Stapling on BIG-IP

Enable OCSP Stapling via REST API

OCSP Stapling Globalsign configuration

wccp configuration for SSL Orchestrator

OCSP Stapling Globalsign configuration

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS