Bug ID 429975: Client Cert Auth (SSO) OCSP connectivity issue due to timeout value

Last Modified: Nov 22, 2021

Affected Product(s):
BIG-IP None(all modules)

Known Affected Versions:
11.4.0, 11.4.1

Fixed In:
11.5.0, 11.4.1 HF9, 11.4.0 HF4

Opened: Sep 06, 2013

Severity: 3-Major


Failure to access the BigIP device.


Client Cert Auth (SSO) users wont be able to log in to their device due to Client certificate validation failures.


Client Cert Auth (SSO) option should be enabled as the authentication and authorization process.



Fix Information

OCSP Responder Timeout value has been made configurable to meet the required timeout values at site. #tmsh modify sys httpd ssl-ocsp-responder-timeout 500 Also as an other alternative you could try the following # tmsh modify sys httpd ssl-include " SSLOCSPResponderTimeout 500"

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips