Forum Discussion

pablitop_134672
Jun 02, 2017

Problem with ocsp stapling

I keep getting the error below and there is no way I can solve it. I followed the guide that support sent me (https://support.f5.com/csp/article/K17111035), but no luck either. Any clue?

 

Jun 2 17:33:13 warning tmm2[11881]: 01260024:4: OCSP failure on profile /Common/TEST.TEST.COM, certificate with issuer /C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4 and serial number ffffffffffffffff: HTTP error - - 503

 

Thanks and regards in advance.

 

  • I have the same issue. Any update on this? Have you found a solution?

     

  • A 503 error in OCSP stapling usually means that the F5 is having trouble reaching the OCSP responder. Review your OCSP responder config and make sure that it's pointing to the correct address (and port), or is correctly configured to access OCSP through a proxy server.

    OCSP traffic isn't encrypted, so you should be able to tcpdump capture on the respective VLAN and watch this traffic.

    tcpdump -lnni [OCSP-connected vlan] -Xs0 port 80
    

    The -Xs0 flag will let you see what the HTTP requests and responses look like, and it's probably a good assumption that the 503 is coming from the direction of the OCSP responder.
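
Added example, not part of the thread and not F5 tooling: a Python triage script for the 01260024 OCSP failure lines quoted in the question, grouping them by profile, issuer and HTTP status to show whether the failure is confined to one profile or shared by every profile using the same issuer. The regular expression is modelled on the single log line in the thread, and every sample line other than that one is constructed.

```python
import re
from collections import Counter

# Modelled on the one 01260024 line quoted in the thread (assumption: wording may vary by version).
OCSP_FAILURE = re.compile(
    r"01260024:\d+: OCSP failure on profile (?P<profile>\S+), "
    r"certificate with issuer (?P<issuer>.+?) and serial number "
    r"(?P<serial>[0-9A-Fa-f]+): (?P<error>.+)$"
)
HTTP_STATUS = re.compile(r"HTTP error\D*(?P<status>\d{3})\s*$")

ISSUER = ("/C=US/O=Symantec Corporation/OU=Symantec Trust Network"
          "/CN=Symantec Class 3 Secure Server CA - G4")
# Line 1 is the thread's log line; lines 2-4 are constructed for the example.
SAMPLE_LOG = "\n".join([
    "Jun 2 17:33:13 warning tmm2[11881]: 01260024:4: OCSP failure on profile "
    f"/Common/TEST.TEST.COM, certificate with issuer {ISSUER} and serial "
    "number ffffffffffffffff: HTTP error - - 503",
    "Jun 2 17:34:13 warning tmm1[11881]: 01260024:4: OCSP failure on profile "
    f"/Common/CONSTRUCTED_B, certificate with issuer {ISSUER} and serial "
    "number 0a0b0c0d: HTTP error - - 503",
    "Jun 2 17:34:20 info example[1]: constructed unrelated line",
    "Jun 2 17:35:13 warning tmm2[11881]: 01260024:4: OCSP failure on profile "
    f"/Common/CONSTRUCTED_B, certificate with issuer {ISSUER} and serial "
    "number 0a0b0c0d: constructed non-HTTP error text",
])

def parse_failures(log_text):
    """Return one dict per OCSP failure line; other lines are skipped."""
    events = []
    for line in log_text.splitlines():
        match = OCSP_FAILURE.search(line)
        if not match:
            continue
        event = match.groupdict()
        # The CN is the last component of the issuer string in the log line.
        event["issuer_cn"] = event["issuer"].rsplit("/CN=", 1)[-1]
        http = HTTP_STATUS.search(event["error"])
        event["http_status"] = int(http.group("status")) if http else None
        events.append(event)
    return events

def summarize(events):
    """Count failures per (profile, issuer CN, HTTP status)."""
    return Counter((e["profile"], e["issuer_cn"], e["http_status"]) for e in events)

if __name__ == "__main__":
    for (profile, cn, status), count in summarize(parse_failures(SAMPLE_LOG)).items():
        print(f"{count}x {profile} issuer={cn!r} http_status={status}")
```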