Forum Discussion

Cirrus

Aug 21, 2015

OCSP responder profile with client cert set to "request", for multiple CAs;

Environment: LTM 11.5.2, APM available but i think N/A for this. Just a quick check of my understanding of something ... If an OCSP responder profile's URL field is empty, and "Ignore AIA"...

Employee

Aug 21, 2015

You'd basically have an access policy that starts with an On-Demand cert auth agent that is followed by an iRule agent. That iRule would parse the client cert looking for either an AIA field or CRLDP. Depending on the logic you choose (ie. if AIA and CRLDP exist, always choose the AIA, or something like that), you'd set an access session variable. Out of the iRule event agent you'd have an empty agent and a set of branch conditions that evaluates this session variable and then routes the logic flow through an OCSP auth agent or CRLDP auth agent.

The APM CRLDP agent has been able to support HTTP and LDAP URLs since (I think 11.3).

Forum Discussion

OCSP responder profile with client cert set to "request", for multiple CAs;

Recent Discussions

What is the meaning is 52% block in WAF

Rundeck ansible F5 errors

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Open Redirection Mitigation

Related Content

I-rule for adapt request "response page"

Seeing "echo (ping) request -- (no response found!)" from a ACI leaf to the F5 floating ip

Bug ID 878641: "TLS1.3 certificate request message does not contain CAs" not fixed?

Large payload post requests aren't responding

Cannot edit "per-request policies" Request status 500