Manual Chapter :
About OCSP Auth
Applies To:
Show Versions
BIG-IP APM
- 15.0.1, 15.0.0
About OCSP Auth
An OCSP Auth action retrieves the revocation status of an X.509 certificate by sending the
certificate information to a remote Online Certificate Status Protocol (OCSP) responder.
Typically, an OCSP Auth action follows an action that receives an X.509 certificate. Either a
Client Cert Inspection or On-Demand Cert Auth action can receive the X.509 certificate from a
user. Either action populates session variables with data that OCSP Auth uses. Similarly, a
Machine Cert Auth action can receive an X.509 certificate from a machine and populate session
variables.
A CRLDP Auth action is valid for
use in a per-request policy subroutine when placed after an On-Demand Cert Auth action.
An OCSP Auth action provides these configuration elements and options:
- OCSP Responder
- Specifies the OCSP Responder AAA configuration object, defined in the Access Policy AAA servers area of the Configuration utility.
- Certificate Type
- Specifies the expected type of certificate:UserorMachine.