NetScaler OCSP Stapling Feature Not Working

Article ID: CTX229479

Description

NetScaler is communicating with the OCSP server.

The OCSP server replies to the request sent by NetScaler, but NetScaler fails to send the certificate status reply to the user during the SSL handshake.

Non-Working Trace: [screenshot]

Working Trace: where the Certificate Status is seen during the SSL handshake [screenshot]

Resolution

To resolve this issue, upgrade to NetScaler 11.1 < Latest Version > and add the following configuration:
add ssl ocspresponder o1 -url <OCSPResponderURL> -nonce DISABLED
bind ssl certkey <certkey_name> -ocspresponder <ocspresponder_name> -priority <val>

As a workaround, add a configured OCSP responder (as above) and bind it to the issuer certkey. Configured OCSP responders take priority over internal OCSP responders.
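The working trace above shows the Certificate Status message in the handshake; the same stapled response can be checked from any client with openssl. The script below is an added example, not part of the Citrix article: it classifies the output of "openssl s_client -status" so the fix can be verified after the ocspresponder is bound. The hostname and port are assumptions.

```shell
#!/bin/sh
# Added example (not from the article): confirm from a client whether a NetScaler
# virtual server staples an OCSP response in the TLS handshake.

# Classify text produced by `openssl s_client -status`, read from stdin.
# Prints one of: stapled-good, stapled-revoked, stapled-other, not-stapled.
# Exit status: 0 = stapled and good, 1 = nothing stapled, 2 = stapled but not good.
classify_stapling() {
    out=$(cat)
    # openssl prints this line when the server sent no status_request response
    case "$out" in
        *"OCSP response: no response sent"*) echo "not-stapled"; return 1 ;;
    esac
    # A stapled response is decoded as "OCSP Response Status: successful (0x0)"
    case "$out" in
        *"OCSP Response Status: successful"*) ;;
        *) echo "not-stapled"; return 1 ;;
    esac
    case "$out" in
        *"Cert Status: good"*)    echo "stapled-good" ;;
        *"Cert Status: revoked"*) echo "stapled-revoked"; return 2 ;;
        *)                        echo "stapled-other"; return 2 ;;
    esac
}

# Live check against a virtual server (assumed host/port; needs network access).
# SNI is sent so the vserver selects the certkey bound to the ocspresponder.
check_stapling() {
    host=$1; port=${2:-443}
    printf 'Q\n' | openssl s_client -connect "$host:$port" -servername "$host" -status 2>/dev/null \
        | classify_stapling
}

# Usage: check_stapling vip.example.com 443
```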

Problem Cause

OCSP caching needs to be enabled. The nonce for the external responder needs to be disabled.
