Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

OCSP revocated CA

Satoshino
Cirrus
Cirrus

‎07-Feb-2023 01:10

Hello all,

we configured an APM policy that perform OCSP Auth for client certs whom is working great.
Now we would like to add a new piece and verify even if the Intermediate CA, that signed the client certs, has being revoked.
is it possible to do this using only APM or other LTM function that doesn't involve the OCSP Stapling?
we tried with OCSP stapling but it didn't working properly and is not scalable, so we wonder if there are alternatives.

thank you

 

Labels:
0 Kudos
2 REPLIES 2

Leslie_Hubertus
Community Manager
Community Manager

‎09-Feb-2023 11:14

Hi @Satoshino  - I see that nobody has come by to answer this yet. I think my colleague @Lucas_Thompson may be able to help, though. 

0 Kudos

Lucas_Thompson
F5 Employee
F5 Employee

‎09-Feb-2023 14:56

Hi Satoshino, 

You present an interesting problem, it sounds like you're trying to ignore the certificate trust chain? Could you explain further how you'd like to do it? I don't exactly understand how you'd correctly validate trust when one member of the trust chain is invalid.

An APM policy for OCSP will query the CA for OCSP status.

0 Kudos
Copyright © 2023 Khoros, LLC