Manual Chapter : Authentication

Applies To:

Show Versions Show Versions

F5 SSL Orchestrator

  • 17.1.0
Manual Chapter


You can configure a Local Online Certificate Status Protocol (OCSP) Responder and associate a Local OCSP Responder to a virtual server (which is part of the UI). OCSP is an Internet protocol used to obtain the revocation status of a digital certificate. When the validity of a certificate is requested, an OCSP request is sent to an OCSP Responder and checks the specific certificate with a trusted certificate authority. This results in an OCSP response being sent back of good, revoked, or unknown.
To configure Authentication, you must select
as your Protocol and either
L2 Outbound
L3 Outbound
, or
L3 Explicit Proxy
as your SSL Orchestrator topology from the Topology Properties screen. If you do not select one of the required protocols or topologies, Authentication will not be supported or appear as a Guided Configuration step.
To create a new authentication, click
. The Authentication Properties screen appears where you can select OCSP Responder (for the Client). Click
OCSP Responder
and click
. The Authentication Properties screen appears where you can configure a new OCSP Responder.
You may also edit or delete a newly created authentication that is a part of your current workflow and that has not yet been deployed. These configurations will show
next to the authentication name.
Previously deployed authentications that are listed cannot be deleted or edited and belong to deployed global authentications.
Show Advanced Setting
to select the following Protocol Settings:
Client TCP Profile
Server TCP Profile
HTTP Profile
: Later, when configuring the Interception Rule, you may select from the Authentication section OCSP Responder list to associate a Local OCSP Responder into the Interception Rule. This action adds a new iRule to the virtual server. In addition, you may configure authentication using the mini-flow Authentication tab without creating a topology and may utilize the existing iRule item-selector to select the OCSP iRule.