Forum Discussion

Nimbostratus

Jun 02, 2017

Problem with ocsp stapling

I keep getting the error below and there is no way I can solve it. I follow the guide that support sent me ( https://support.f5.com/csp/article/K17111035), but no luck either. Any clue? Jun 2 1...

application delivery

LTM

Kevin_Stewart

Employee

Aug 29, 2018

A 503 error in OCSP stapling usually means that the F5 is having trouble reaching the OCSP responder. Review your OCSP responder config and make sure that it's pointing to the correct address (and port), or is correctly configured to access OCSP through a proxy server.

OCSP traffic isn't encrypted, so you should be able to tcpdump capture on the respective VLAN and watch this traffic.

tcpdump -lnni [OCSP-connected vlan] -Xs0 port 80

The -Xs0 flag will let you see what the HTTP requests and responses look like, and it's probably a good assumption that the 503 is coming from the direction of the OCSP responder.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Problem with ocsp stapling

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Not seeing the latest F5OS-A when running Journeys

Related Content

Configuring OCSP Stapling on BIG-IP

Enable OCSP Stapling via REST API

Script for External Monitor to check server OCSP Stapling Status

Troubleshooting TLS Problems With ssldump

Source_Addr Persistence Problems

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS