For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

hui_37443's avatar
hui_37443
Icon for Nimbostratus rankNimbostratus
Jun 24, 2009

Proxy OCSP request

Our Big-IP LTM dev/test device is sitting behind company's firewall. In order to make an OCSP request to our CA, which is an Internet site, I have to configure it to go through the proxy. So far I can...
config
design
Sheigh_65772's avatar
Sheigh_65772
Icon for Cirrus rankCirrus
Mar 29, 2011
I know this thread is old but I'm attempting to do this exact thing and can't seem to get it working.

 

 

Heres my anonymized info:

 

proxy server: 10.0.0.1:80

 

ocsp server: 75.0.0.1:80

 

 

I have created a VIP matching the ocsp responder IP address which forwards all traffic to a pool containing the proxy server as a member.

 

 

I have confirmed a valid response from the OCSP responder when I use openssl with both the host and path options:

 

openssl ocsp -CAfile ./CA.pem -issuer ./Issuer.pem -host 10.0.0.1:80 -path http://ocspserver/ocsp -cert CertToCheck

 

 

However I can’t confirm with openssl and just the path:

 

openssl ocsp -CAfile ./CA.pem -issuer ./Issuer.pem –url http://ocspserver/ocsp -cert CertToCheck

 

 

Can I configure the authenication profile to use the path and host flags and go that route? If not where am I going wrong with the VIP/Pool combo?

 

 

Sheigh