Forum Discussion

Letendart's avatar
Letendart
Icon for Nimbostratus rankNimbostratus
Jan 21, 2019

APM : Machine Cert issuer value and OCSP responder

Hello all, We're using OCSP responder in an APM policy after a Machine Cert Auth. The "session.check_machinecert.last.cert.issuer.cert" variable is not populated by the Machinne Cert Auth. So we have to assign the variable with the cert issuer value ... That's working, for sure, but : - when the CA cert change we have to change it in each oh the APM branchs - We have two differents CA authorities, so to separage assign with the different values, etc ...

 

No way to make it easier ? Have a good day

 

APM
security

2 Replies

Sort By
  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Jan 21, 2019

    you can create at the beginning of the VPE one variable:

    session.custom.issuer.cert

    with the CA cert.

    Then after Machine Cert box, create a variable assign with

    session.check_machinecert.last.cert.issuer.cert == Variable session.custom.issuer.cert

    when the CA changes, change only the first value.

  • Letendart's avatar
    Letendart
    Icon for Nimbostratus rankNimbostratus
    Jan 22, 2019

    Salut à tous,

     

    Stanislas gave me a first tip but my problem is more complex, let me explain more : - I have to check computer certs in multiple access profiles - In each of them I must check that the cert issuer is from CA1 or CA2 ... - I also have to save the CA cert issuer for the OCSP check ... As you may see in the attached screenshot it's getting not easy to manage and really bad optimization.

     

     

    Bonne journèe