Authentication

You can configure a Local Online Certificate Status Protocol (OCSP) Responder and associate a Local OCSP Responder to a virtual server (which is part of the UI). OCSP is an Internet protocol used to obtain the revocation status of a digital certificate. When the validity of a certificate is requested, an OCSP request is sent to an OCSP Responder and checks the specific certificate with a trusted certificate authority. This results in an OCSP response being sent back of good, revoked, or unknown.

To configure Authentication, you must select

TCP

or

Any

as your Protocol and either

L2 Outbound

,

L3 Outbound

, or

L3 Explicit Proxy

as your SSL Orchestrator topology from the Topology Properties screen. If you do not select one of the required protocols or topologies, Authentication will not be supported or appear as a Guided Configuration step.

To create a new authentication, click

Add

. The Authentication Properties screen appears where you can select OCSP Responder (for the Client). Click

OCSP Responder

and click

Add

. The Authentication Properties screen appears where you can configure a new OCSP Responder.

You may also edit or delete a newly created authentication that is a part of your current workflow and that has not yet been deployed. These configurations will show

NOT DEPLOYED

next to the authentication name.

Click

Show Advanced Setting

to select the following Protocol Settings:

Client TCP Profile

,

Server TCP Profile

,

HTTP Profile

.

Optional

: Later, when configuring the Interception Rule, you may select from the Authentication section OCSP Responder list to associate a Local OCSP Responder into the Interception Rule. This action adds a new iRule to the virtual server. In addition, you may configure authentication using the mini-flow Authentication tab without creating a topology and may utilize the existing iRule item-selector to select the OCSP iRule.