OCSP authentication query via http proxy

Question

Hello,&nbsp;
I need some help with configuring authentication profile for VS. We have service with client authentication using certificates. I need verify validity of client certificate using OCSP.&nbsp;
So I've created authentication profile with OCSP responder definition. The missing part is how to send http query via our http proxy gateway? I do not see such option in GUI.  
&nbsp;
There is predefined system iRule called  _sys_auth_ssl_ocsp which is responsible for doing query. 
I beleive that modifying this iRule I could send request via proxy.   
&nbsp;
Could support me with this?&nbsp;

miloslav_prikl · Answer

Hello, 
I found solution for this issue. If you have http proxy listenting on http port 80 is solution a little bit easier. Create records in hosts with FQDN of OCSP responder and IP address of your http proxy. If your http proxy listen on different port as 80. We can create virtual service which listen on port 80 and forward all communication to one pool member - your http proxy. Then we create same host records with IP address of this virtual service.&nbsp;

Forum Discussion

OCSP authentication query via http proxy

1 Reply

Recent Discussions

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

Related Content

Duo Authentication Proxies

iRuleLX Solution for OAUTH JWT authenticated Salesforce Query

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

SSL Orchestrator Advanced Use Cases: Forward Proxy Authentication

Doing mTLS Authentication per URL