Forum Discussion

HQuest_357338
Apr 01, 2018
Solved

OCSP: Bad Request

Hello all. I'm trying to implement OCSP stapling and OCSP monitoring for my SSL certificates. OCSP stapling is enabled but never turned on, and OCSP monitoring fails with "OCSP Connection Error: HT...
  • HQuest_357338
    Apr 01, 2018

    Very different POST requests... and this definitively nailed the problem.

    From my browser, the tbsRequest has the reqCert with issuerNameHash, issuerKeyHash and serialNumber for the certificate.

    From the F5, apart from the reqCert, the tbsRequest also sends a requestorName of type directoryName, and sends a copy of the certificate defined under OCSP > Request signing as optionalSignature.

    However this OCSP does not require (or expect) to sign anything, and by taking it away, SSL certificate status went green instantly. And the OCSP response now contains the OCSP Response Status: successful as it should.

    Seems there was one combination I didn't try... Thanks for the hint, it was spot on.
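
The comparison described in this thread, as an added example that is not part of the original posts or of F5's code: a Python check that walks a DER-encoded OCSP request (structure per RFC 6960) and reports whether it carries `requestorName` and `optionalSignature`. The function names and both sample requests are constructed for illustration; the signature in the signed sample is a dummy value.

```python
# Added example: walk the DER of an RFC 6960 OCSPRequest and report the
# optional signing fields. Sample requests below are constructed, not captured.

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low bits give the byte count
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def inspect_ocsp_request(der):
    tag, body, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not an OCSPRequest SEQUENCE")
    outer = children(body)            # tbsRequest, then optionalSignature [0]
    tbs = children(outer[0][1])
    info = {"requestorName": any(t == 0xA1 for t, _ in tbs),       # [1]
            "optionalSignature": any(t == 0xA0 for t, _ in outer[1:]),
            "serials": []}
    request_list = next(v for t, v in tbs if t == 0x30)
    for _, request in children(request_list):
        cert_id = children(children(request)[0][1])  # reqCert: alg, 2 hashes, serial
        info["serials"].append(int.from_bytes(cert_id[3][1], "big"))
    return info

def tlv(tag, *parts):  # short-form encoder, enough for the samples below
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

ALG = tlv(0x30, tlv(0x06, bytes.fromhex("2b0e03021a")), tlv(0x05))  # SHA-1
REQ_LIST = tlv(0x30, tlv(0x30, tlv(0x30, ALG, tlv(0x04, b"\x11" * 20),
               tlv(0x04, b"\x22" * 20), tlv(0x02, b"\x12\x34"))))
UNSIGNED = tlv(0x30, tlv(0x30, REQ_LIST))
SIGNED = tlv(0x30, tlv(0x30, tlv(0xA1, tlv(0xA4, tlv(0x30))), REQ_LIST),
             tlv(0xA0, tlv(0x30, ALG, tlv(0x03, b"\x00\x00"))))  # dummy signature
```

Feeding it the body of each captured POST (the browser's and the appliance's) shows at a glance which one includes the signing fields the responder may reject.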