Configuring OCSP Stapling on BIG-IP
When setting up an SSL connection, the certificate tells you its expiration, but how do you tell whether the certificate has been revoked? There are multiple ways to do this. The first is the Certificate Revocation ...
Published Jan 26, 2016
Version 1.0
JRahm
Admin
Joined January 20, 2005
webguy96
Sep 10, 2019
Nimbostratus
Can you perhaps try the following from within bash and see if it gives you any better results, or list the specific version of F5 you are running, as this was put together against v13.1.5.
# set directory path to location of certs (change to custom partition if not stored in /Common)
cd /config/filestore/files_d/Common_d/certificate_d
# obtain the full name of cert + ca bundle
ls
# test OCSP response using openssl
# -issuer & -CAfile are both using a cert bundle containing both the Intermediate + Root CA for DigiCert
openssl ocsp -no_nonce -header Host ocsp.digicert.com -issuer \:Common\:digicert_bundle.crt_198653_1 -cert \:Common\:your.website.com.crt_234232_1 -url http://ocsp.digicert.com -CAfile \:Common\:digicert_bundle.crt_198653_1
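To read the result of the test command above, the following sketch reduces `openssl ocsp` output to a single verdict. It is an added example, not part of the original comment or of F5's tooling; the function names, verdict labels and sample outputs are assumptions made for illustration.

```shell
#!/bin/sh
# Verdicts: good | revoked | unknown | unverified | bad_times | error
classify_ocsp() {
    verified=no; bad_times=no; status=
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            "Responder Error:"*)   # responder refused: no cert status at all
                echo error; return 3 ;;
            "Response verify OK")
                verified=yes ;;
            "WARNING: Status times invalid"*)
                bad_times=yes ;;
            *": good"|*": revoked"|*": unknown")
                # Status line is "<cert file>: <status>". BIG-IP filestore
                # names contain colons, so keep the text after the LAST ": ".
                [ -n "$status" ] || status=${line##*: } ;;
        esac
    done
    [ -n "$status" ] || { echo error; return 3; }
    # A status from a response whose signature did not verify proves nothing.
    [ "$verified" = yes ] || { echo unverified; return 2; }
    # thisUpdate/nextUpdate fell outside the window openssl accepts.
    [ "$bad_times" = no ] || { echo bad_times; return 2; }
    echo "$status"
    [ "$status" = good ]
}

# Hypothetical wrapper around the command from the post. 2>&1 matters:
# "Response verify OK" is written to stderr. The two-word "-header Host <name>"
# form is OpenSSL 1.0.x syntax; 1.1.0 and later expect "-header Host=<name>".
check_cert() {  # usage: check_cert <cert> <issuer-bundle> <responder-host>
    openssl ocsp -no_nonce -header Host "$3" -issuer "$2" -cert "$1" \
        -url "http://$3" -CAfile "$2" 2>&1 | classify_ocsp
}

# Constructed sample outputs (not captured from a real responder).
SAMPLE_GOOD='Response verify OK
:Common:your.website.com.crt_234232_1: good
    This Update: Sep 10 06:00:00 2019 GMT
    Next Update: Sep 17 05:15:00 2019 GMT'
SAMPLE_REVOKED='Response verify OK
:Common:your.website.com.crt_234232_1: revoked
    This Update: Sep 10 06:00:00 2019 GMT
    Next Update: Sep 17 05:15:00 2019 GMT
    Reason: keyCompromise
    Revocation Time: Sep  1 00:00:00 2019 GMT'
SAMPLE_UNVERIFIED='Response Verify Failure
:Common:your.website.com.crt_234232_1: good'
```

The function exits 0 only for a verified `good` status, so it can gate a monitoring check directly.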