Forum Discussion
petras123_10972
Nimbostratus
Apr 23, 2012
Automatically update CRL
Hi All,
Is it possible to configure auto-update of the CRL?
I have BIG-IP v 11. From CA I have downloaded and imported the CRL file. In the Client SSL profile I have configured: Cert - required ... a...
lsv_53630
Nimbostratus
Apr 29, 2013
Wth is wrong with this board? I can't even edit posts decently... Anyway, this is the correct bugfix:
```sh
#!/bin/sh
# NOTE:
# - Remember that you need to manually import a CRL file through the GUI with
#   the same name as the one used by this script FIRST, otherwise the config
#   'touch' will fail. Load it through Local Traffic -> SSL Certificate List.

TMSH="/usr/bin/tmsh"
TMPFILE=`/bin/mktemp` || { echo "Failed to create temp file. Exiting"; exit 1; }
# Remove the temp file on every exit path.
trap '/bin/rm -f "$TMPFILE"' EXIT

if [ -e "$TMSH" ]; then
    STATUS=`$TMSH show sys failover`
else
    echo "tmsh not found"
    exit 1
fi

# Only the active unit fetches the CRL; config-sync pushes it to the peer.
case "$STATUS" in
    *active*)
        echo "Active F5: Continuing..."
        ;;
    *standby*)
        echo "Standby F5: Exiting."
        exit 0
        ;;
    *)
        echo "Unknown status: Exiting."
        exit 1
        ;;
esac

# HOSTNAME is a placeholder for the CRL distribution point.
/usr/bin/curl -f -o "$TMPFILE" -H 'Host: HOSTNAME' -g http://HOSTNAME/demo.crl
if [ $? -ne 0 ]; then
    echo "Error getting CRL file. Exiting."
    exit 1
fi

if [ -f "$TMPFILE" ] && [ -s "$TMPFILE" ]; then
    # convert the CRL from DER to PEM - ONLY IF NEEDED, my CRL was in PEM
    # format already from above
    # openssl crl -inform der -in demo.crl -out demo.pem
    # rm demo.crl
    # mv demo.pem demo.crl
    $TMSH modify /sys file ssl-crl demo.crl source-path "file:$TMPFILE"
    if [ $? -eq 0 ]; then
        # CLUSTERNAME is a placeholder for the device group name.
        $TMSH run /cm config-sync to-group /Common/CLUSTERNAME
    else
        echo "crl upload fail. Exiting."
        exit 1
    fi
else
    echo "No crl file found or crl file empty. Exiting."
    exit 1
fi
```
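Added example, not part of the post above: the script loads whatever the plain-HTTP download returns, so a check like this can run on the temp file before the `tmsh modify` step. It confirms the file parses as a CRL (PEM or DER), is signed by the issuing CA and has not passed nextUpdate, then writes a PEM copy; the function name, its arguments and the use of GNU `date` are assumptions.

```sh
#!/bin/sh
# Added example (not from the original post): vet a downloaded CRL before
# handing it to tmsh. Function name and arguments are assumed, not F5's.

# validate_crl <downloaded-crl> <issuing-ca.pem> <pem-output>
# Returns 0 and writes a PEM copy only if the CRL parses, is signed by the
# given CA, and its nextUpdate is still in the future.
validate_crl() {
    crl=$1 ca=$2 out=$3 fmt=""

    [ -s "$crl" ] || { echo "CRL missing or empty" >&2; return 1; }

    # The CA may publish PEM or DER; find out which one parses.
    for f in PEM DER; do
        if openssl crl -inform "$f" -in "$crl" -noout >/dev/null 2>&1; then
            fmt=$f
            break
        fi
    done
    [ -n "$fmt" ] || { echo "not a parseable CRL" >&2; return 1; }

    # Some openssl releases exit 0 even when verification fails, so match on
    # the "verify OK" message instead of trusting the exit status.
    result=$(openssl crl -inform "$fmt" -in "$crl" -CAfile "$ca" -verify -noout 2>&1)
    case "$result" in
        *"verify OK"*) ;;
        *) echo "CRL signature check failed" >&2; return 1 ;;
    esac

    # Reject a CRL that is already past nextUpdate (GNU date assumed).
    next=$(openssl crl -inform "$fmt" -in "$crl" -noout -nextupdate | cut -d= -f2)
    next_s=$(date -d "$next" +%s 2>/dev/null) || { echo "no usable nextUpdate" >&2; return 1; }
    [ "$next_s" -gt "$(date +%s)" ] || { echo "CRL expired on $next" >&2; return 1; }

    # Normalise to PEM so the same load step works whatever the CA serves.
    openssl crl -inform "$fmt" -in "$crl" -outform PEM -out "$out"
}
```

A caller would pass the validated PEM output, rather than the raw download, as the `source-path` file.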