For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Amartya_Ghosh_1's avatar
Amartya_Ghosh_1
Icon for Nimbostratus rankNimbostratus
Feb 28, 2014

2 Way SSL implementation

Hi,   I have a requirement to implement 2 way ssl. I do not have much idea on this. Can anyone please help me or guide me as in what all things I need to consider and how to implement this.   I...
deployment
design
security
Gicu_337843's avatar
Gicu_337843
Icon for Nimbostratus rankNimbostratus
Nov 20, 2017

Kevin, 2way ssl working like your config. Thank you. Please help me to configure automatic update for crl file in F5 version 13.

 

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Nov 20, 2017

    Gicu,

     

    There is no auto-update function for CRLs. Most admins will create an external monitor or periodic iCall script to update the CRLs. It's also worth noting that, if at all possible, OCSP and OCSP stapling are superior methods for certificate revocation.

     

  • Gicu_337843's avatar
    Gicu_337843
    Icon for Nimbostratus rankNimbostratus
    Nov 28, 2017

    Kevin sorry for my disturb. Pls help me if you know. I have tried below command of tmsh shell and working: modify sys file ssl-crl ROOT_OMDEXT_CA.crl source-path https://dl.dropboxusercontent.com/u/xxxxxx/CA_XCA_Root.crl

     

    I have tried the same command of icall script but not working: create script omdcrl { app-service none definition { tmsh::modify sys file ssl-crl XCA_CRL.crl source-path https://dl.dropboxusercontent.com/u/xxxxxx/CA_XCA_Root.crl } description none events none }

     

    if I change source-path as file:/shared/tmp/CA_XCA_Root.crl it is working

     

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Dec 06, 2017

    It may just be that you can't retrieve it from a dropbox link. I just tested with a generic Apache server and it worked fine.