OCSP redirect??

Question

Hi,&nbsp;
&nbsp;I was wondering if anyone else was doing the same or had a solution to the following.&nbsp;
&nbsp;I am doing client and server side SSL and checking user Certs for revocation status of an OCSP responder. The thing that we are seeing is that if a user has a revoked Cert the LTM just drops the connection. Is there a way to capture the response from the OCSP responder and redirect the users to a sorry page? Or send them a message regarding their Cert status?&nbsp;
&nbsp;-Todd&nbsp;

jrahm · Answer

Please check out the Kevin Stewart's iRules 2006 2nd place entry:&nbsp;
&nbsp;http://devcentral.f5.com/Default.aspx?tabid=108&nbsp;Click here&nbsp;&nbsp;

todd_roberts_93 · Answer

Thanks for the reply....&nbsp;
&nbsp;I have tried Kevin Stewart’s iRule and every time we hit the VIP for testing it failed the F5 over to the stand by unit. Any ideas? Or maybe a simpler iRule you might know of?&nbsp;
&nbsp;-Todd&nbsp;

jrahm · Answer

That's not so good.  I'd check your logs and also check /var/core to see if you are getting a TMM panic, the OS version you're on might have a bug.  If that's the case, open a support case.&nbsp;
&nbsp;Perhaps Kevin can lend an insightful hand, as well as his OS version??

Forum Discussion

OCSP redirect??

3 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5 Rseries HA

Need advise to setup a policy on F5

F5 Rseries R2600 Tenant sizing

Can iRule mask the payload content on event logs of security

Related Content

Configuring OCSP Stapling on BIG-IP

OCSP Responder

Building an OpenSSL Certificate Authority - Configuring CRL and OCSP

Anchor Link Redirect

OCSP HTTP Header Specification/Example or field name of EDIPI?