Bug ID 429975: Client Cert Auth (SSO) OCSP connectivity issue due to timeout value

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP None(all modules)

Known Affected Versions:
11.4.0, 11.4.1

Fixed In:
11.5.0, 11.4.1 HF9, 11.4.0 HF4

Opened: Sep 06, 2013
Severity: 3-Major

Symptoms

Failure to access the BigIP device.

Impact

Client Cert Auth (SSO) users wont be able to log in to their device due to Client certificate validation failures.

Conditions

Client Cert Auth (SSO) option should be enabled as the authentication and authorization process.

Workaround

--

Fix Information

OCSP Responder Timeout value has been made configurable to meet the required timeout values at site. #tmsh modify sys httpd ssl-ocsp-responder-timeout 500 Also as an other alternative you could try the following # tmsh modify sys httpd ssl-include " SSLOCSPResponderTimeout 500"

Behavior Change