ocsp auth
2 Topics
Why is OCSP response caching not working with Client Certificate Authentication?
Hi everyone, I'm implementing OCSP client certificate authentication on BIG-IP using a custom OCSP Auth profile. I see that BIG-IP sends a new OCSP request for each connection. I’ve tried disabling the Nonce option and setting custom values for Status Age and Validity Period, but it didn’t change the behavior — no caching happens. Also, I confirmed that caching seems to work only in OCSP stapling scenarios , but not when validating client certificates. Question: Is it expected that OCSP Auth profiles do not support any form of caching, Is there a supported workaround to avoid redundant OCSP traffic or should I configure a CRL? Thanks in advance!Solved71Views0likes2Comments
SSL PROFILE - How to use multiple SSL Profile Client in Virtual Server
Hello guys, I have a VDI portal that runs through an APM. This portal uses in its VS an ssl profile for a wildcard certificate and another ssl profile for a smartcard that requests a token after entering a user and password. The question is, I can't use both profiles at the same time, I've already changed the Default SSL Profile for SNI option, but the smartcard no longer requests the token on the page. How do I use the two profiles and still manage to have the token request for the correct authentication of the page? Note: The token is requested in the Access Profile via On-Demand-Cert-Auth.Solved1.3KViews0likes2Comments