For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Biche_XD_185704's avatar
Biche_XD_185704
Icon for Nimbostratus rankNimbostratus
Oct 03, 2018

[OCSP Stapling] Globalsign configuration

Hi everyone, My objective is simple : I want to set OCSP Stappling configuration on my HTTPS VIP. For that, I follow this article For information, Globalsign is my SSL provider and I have wildcar...
application delivery
BIG-IP
LTM
Stanislas_Piro2's avatar
Stanislas_Piro2
Icon for Cumulonimbus rankCumulonimbus
Oct 09, 2018

Hi Kevin,

This is an interesting thread... i already tried to make it work but didn't spend much time to troubleshoot.

I have a question about the best configuration to make it work.

If we have following certificate tree:

  • RootCA
    • IntermediateCA1
      • IntermediateCA2
        • ServerCA

In clientSSL profile, I configure these certificates:

Cert

-----BEGIN CERTIFICATE-----
ServerCA Base64 encoded
-----END CERTIFICATE-----

Chain (not including Root CA certificate)

-----BEGIN CERTIFICATE-----
IntermediateCA2 Base64 encoded
-----END CERTIFICATE----- 
-----BEGIN CERTIFICATE-----
IntermediateCA1 Base64 encoded
-----END CERTIFICATE-----

What certificate must be set in OCSP Trusted Certificate Authorities and Trusted Responders?