topic Re: OCSP request to a specific TCP port in Network Access Control

OCSP request to a specific TCP port

SemenErmachenko36396 — Fri, 09 Jul 2021 11:24:44 GMT

Hello

We plan to place OCSP responder behind HA Proxy.

Is it possible to configure ISE to send ocsp requests to a specific TCP port for example 888?

In OCSP Profile

URL http://test.domai.com:888/ocsp

Has anyone tested it this way?

Re: OCSP request to a specific TCP port

Mike.Cifelli — Fri, 09 Jul 2021 12:17:38 GMT

I have not tested this, but I dont see why it would not work. As long as the responder is listening on that port I dont see this being an issue. In the OCSP profile you are configuring the url to use. I would recommend testing it by disabling this under the trusted cert/s for which you assign the OCSP profile to: Reject the request if OCSP Responder is unreachable. This way clients will remain unaffected. Then once you confirm it works or does not work you can re-enable. HTH!