Configuring OCSP Stapling on BIG-IP
Published Jan 26, 2016
Version 1.0Was this article helpful?
I am wondering on the "Response Caching => Timeout: Indefinite" setting: Yesterday I revoked some certificate and this morning it was still shown as ok. When I deleted the OCSP cache for that certificate the status was updated to 'revoked' which is fine. If you follow the advice to set it to "Indefinite" - wouldn't this render OCSP stapling pretty much useless as the certificate will only be checked once then the cached response is used forever no matter if the certificate is still valid or revoked?
What timeout do you guys set on this usually? 1800-3600 seconds?