I know this thread is old but I'm attempting to do this exact thing and can't seem to get it working.
Heres my anonymized info:
proxy server: 10.0.0.1:80
ocsp server: 75.0.0.1:80
I have created a VIP matching the ocsp responder IP address which forwards all traffic to a pool containing the proxy server as a member.
I have confirmed a valid response from the OCSP responder when I use openssl with both the host and path options:
openssl ocsp -CAfile ./CA.pem -issuer ./Issuer.pem -host 10.0.0.1:80 -path http://ocspserver/ocsp -cert CertToCheck
However I can’t confirm with openssl and just the path:
openssl ocsp -CAfile ./CA.pem -issuer ./Issuer.pem –url http://ocspserver/ocsp -cert CertToCheck
Can I configure the authenication profile to use the path and host flags and go that route? If not where am I going wrong with the VIP/Pool combo?
Sheigh