Manual Chapter : Authentication

Applies To:

F5 SSL Orchestrator

  • 17.1.0

Authentication

You can configure a Local Online Certificate Status Protocol (OCSP) Responder and associate it with a virtual server (which is part of the UI). OCSP is an Internet protocol used to obtain the revocation status of a digital certificate. When the validity of a certificate is requested, an OCSP request is sent to an OCSP Responder, which checks the specific certificate with a trusted certificate authority. The OCSP Responder then sends back an OCSP response of good, revoked, or unknown.
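To make the good, revoked, and unknown results concrete, the following is an added example, not taken from the F5 manual or F5 code: a stdlib-only Python walk over a DER-encoded OCSP response (RFC 6960) that returns the overall response status and each certificate's status. The helper names and the sample response (dummy hashes and signature) are constructed for illustration, and the code does not verify the responder's signature.

```python
# Added example (not F5 code): stdlib-only DER walk over an OCSP response, RFC 6960.
# It reads statuses only and does NOT verify the responder's signature.
def enc(tag, body=b""):                      # DER encoder, used to build the sample
    n, size = len(body), (len(body).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def items(buf, pos, end):
    """Return [(tag, value_start, value_end)] for the DER elements in buf[pos:end]."""
    out = []
    while pos < end:
        tag, n, pos = buf[pos], buf[pos + 1], pos + 2
        if n & 0x80:                         # long-form length
            k = n & 0x7F
            n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
        if pos + n > end:
            raise ValueError("truncated DER element")
        out.append((tag, pos, pos + n))
        pos += n
    return out

RESPONSE_STATUS = {0: "successful", 1: "malformedRequest", 2: "internalError",
                   3: "tryLater", 5: "sigRequired", 6: "unauthorized"}
CERT_STATUS = {0x80: "good", 0xA1: "revoked", 0x82: "unknown"}  # tags [0], [1], [2]

def ocsp_statuses(der):
    """Return (responseStatus, [certStatus of each SingleResponse])."""
    outer = items(der, 0, len(der))[0]                   # OCSPResponse
    top = items(der, outer[1], outer[2])
    status = RESPONSE_STATUS.get(der[top[0][1]], "invalid")
    if status != "successful" or len(top) < 2:
        return status, []                                # error replies carry no certStatus
    rbytes = items(der, top[1][1], top[1][2])[0]         # [0] EXPLICIT ResponseBytes
    octets = items(der, rbytes[1], rbytes[2])[1]         # OCTET STRING
    basic = items(der, octets[1], octets[2])[0]          # BasicOCSPResponse
    tbs = items(der, basic[1], basic[2])[0]              # ResponseData
    responses = [f for f in items(der, tbs[1], tbs[2]) if f[0] == 0x30][0]
    return status, [CERT_STATUS.get(items(der, s, e)[1][0], "invalid")
                    for _, s, e in items(der, responses[1], responses[2])]

def sample(cert_statuses):                   # constructed input: dummy hashes and signature
    alg = enc(0x30, bytes.fromhex("06052b0e03021a") + enc(0x05))
    when = enc(0x18, b"20240101000000Z")
    singles = b"".join(enc(0x30, enc(0x30, alg + enc(0x04, bytes(20)) * 2 + enc(0x02, bytes([i + 1])))
                           + st + when) for i, st in enumerate(cert_statuses))
    tbs = enc(0x30, enc(0xA2, enc(0x04, bytes(20))) + when + enc(0x30, singles))
    basic = enc(0x30, tbs + alg + enc(0x03, bytes(9)))
    rbytes = enc(0x30, bytes.fromhex("06092b0601050507300101") + enc(0x04, basic))
    return enc(0x30, enc(0x0A, b"\x00") + enc(0xA0, rbytes))
SAMPLE = sample([enc(0x80), enc(0xA1, enc(0x18, b"20231231000000Z")), enc(0x82)])
```

In practice, act on a status only after validating the response signature against the issuing certificate authority or its delegated responder certificate.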
To configure Authentication, you must select TCP or Any as your Protocol and either L2 Outbound, L3 Outbound, or L3 Explicit Proxy as your SSL Orchestrator topology from the Topology Properties screen. If you do not select one of the required protocols or topologies, Authentication will not be supported or appear as a Guided Configuration step.
To create a new authentication, click Add. The Authentication Properties screen appears where you can select OCSP Responder (for the Client). Click OCSP Responder and click Add. The Authentication Properties screen appears where you can configure a new OCSP Responder.
You may also edit or delete a newly created authentication that is a part of your current workflow and that has not yet been deployed. These configurations will show NOT DEPLOYED next to the authentication name.
Previously deployed authentications that are listed cannot be deleted or edited and belong to deployed global authentications.
Click Show Advanced Setting to select the following Protocol Settings: Client TCP Profile, Server TCP Profile, HTTP Profile.
Optional: Later, when configuring the Interception Rule, you may select from the OCSP Responder list in the Authentication section to associate a Local OCSP Responder with the Interception Rule. This action adds a new iRule to the virtual server. In addition, you may configure authentication using the mini-flow Authentication tab without creating a topology, and you may use the existing iRule item-selector to select the OCSP iRule.