Forum Discussion

Nimbostratus

Jul 15, 2025

Solved

Why is OCSP response caching not working with Client Certificate Authentication?

Hi everyone, I'm implementing OCSP client certificate authentication on BIG-IP using a custom OCSP Auth profile. I see that BIG-IP sends a new OCSP request for each connection. I’ve tried disablin...

cache

LTM

ocsp auth

VGF5
Jul 15, 2025
Hi sjerbi

Yes, this is expected behavior. OCSP response caching is only supported for OCSP stapling scenarios, where the BIG-IP acts as a server and provides stapled OCSP responses during TLS handshakes. When validating client certificates, the system doesn’t cache OCSP responses and sends a new request for each connection.

Refer: https://my.f5.com/manage/s/article/K75106155

VGF5

Cumulonimbus

Jul 15, 2025

Hi sjerbi

Yes, this is expected behavior. OCSP response caching is only supported for OCSP stapling scenarios, where the BIG-IP acts as a server and provides stapled OCSP responses during TLS handshakes. When validating client certificates, the system doesn’t cache OCSP responses and sends a new request for each connection.

Refer: https://my.f5.com/manage/s/article/K75106155