OCSP Responder i-Rule

Question

I need an i-Rule to poll specific OCSP responder URL's every few seconds to test reachability/availability and then send a snmp trap if a response is not received within a given time.&nbsp;
Can anyone help. Cheers Chris&nbsp;

kevin_stewart · Answer

Your best bet I think is a custom external monitor. You can use OpenSSL to actually test the responders (make an OCSP request), and then use one of the command line SNMP tools (ie. snmpset) based on the OCSP response. Create a pool of all of your OCSP servers, apply the monitor, and it'll cycle through them on a defined schedule. Take a look at the sample monitors in /config/monitors.

Forum Discussion

OCSP Responder i-Rule

1 Reply

Recent Discussions

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

Related Content

OCSP Responder

i-rule header insert - APM

Configuring OCSP Stapling on BIG-IP

I-rule for adapt request "response page"

Building an OpenSSL Certificate Authority - Configuring CRL and OCSP