We need to implement an OCSP authentication profile on our LTM system to verify the revocation status of client certificates.
Does anyone know if it's possible for the LTM to cache the response from the OCSP Responder to help minimise the number of requests needed?
You can change the caching options in the OCSP stapling profile.
Please have a look at the following article, by Jason Rahm:
Thanks for your quick response. We don't want to do OCSP stapling. Our situation is that we have a VS to which the client connects. We've applied a Client SSL Profile to terminate the TLS. We also have Client Authentication turned on so the LTM sends a certificate request. We then need to check the revocation of the client's certificate using OCSP. We have configured an OCSP authentication profile, see:
...the client has asked if the LTM can cache the OCSP response from the Responder so the LTM does not need to send an OCSP request for the same client every time they make a request.
Ah, I missed the part about client certificates. Sorry, but I don't know if what you want can be done.
No problem, Morten. I'm also scratching my head.
Does anyone else have any ideas?