Forum Discussion

sjerbi's avatar
sjerbi
Icon for Nimbostratus rankNimbostratus
Jul 15, 2025
Solved

Why is OCSP response caching not working with Client Certificate Authentication?

Hi everyone, I'm implementing OCSP client certificate authentication on BIG-IP using a custom OCSP Auth profile. I see that BIG-IP sends a new OCSP request for each connection. I’ve tried disablin...
cache
LTM
ocsp auth
  • VGF5's avatar
    VGF5
    Jul 15, 2025

    Hi sjerbi​ 

     

    Yes, this is expected behavior. OCSP response caching is only supported for OCSP stapling scenarios, where the BIG-IP acts as a server and provides stapled OCSP responses during TLS handshakes. When validating client certificates, the system doesn’t cache OCSP responses and sends a new request for each connection.

     

    Refer: https://my.f5.com/manage/s/article/K75106155 

     

     

sjerbi's avatar
sjerbi
Icon for Nimbostratus rankNimbostratus
Jul 15, 2025

Hi VGF5​ 

thank you for your reply.

Is there any solution to work around this issue?