F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

pablitop_134672's avatar
pablitop_134672
Icon for Nimbostratus rankNimbostratus
Jun 02, 2017

Problem with ocsp stapling

I keep getting the error below and there is no way I can solve it. I follow the guide that support sent me ( https://support.f5.com/csp/article/K17111035), but no luck either. Any clue?   Jun 2 1...
application delivery
LTM
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Aug 29, 2018

A 503 error in OCSP stapling usually means that the F5 is having trouble reaching the OCSP responder. Review your OCSP responder config and make sure that it's pointing to the correct address (and port), or is correctly configured to access OCSP through a proxy server.

OCSP traffic isn't encrypted, so you should be able to tcpdump capture on the respective VLAN and watch this traffic.

tcpdump -lnni [OCSP-connected vlan] -Xs0 port 80

The -Xs0 flag will let you see what the HTTP requests and responses look like, and it's probably a good assumption that the 503 is coming from the direction of the OCSP responder.