Forum Discussion

D_N_28689's avatar
D_N_28689
Icon for Nimbostratus rankNimbostratus
Apr 07, 2008

Blacklisting certificates by certificate id

Hello,     I'm completely new with F5 so please forgive me if I'm making some dumb assumptions.     I've been tasked to write a Java API that will blacklist certificates on the F5 based on...
dev
devops
iControl
D_N_28689's avatar
D_N_28689
Icon for Nimbostratus rankNimbostratus
Apr 09, 2008
Hello Don,

 

 

I looked at the Management::KeyCertificate interface per your recommendation. I noticed the ValidtyType enumeration and the VTYPE_CERTIFICATE_INVALID enum looks interesting as I suspect this may be what I am looking for. I wonder how the F5 determines whether to accept or reject a cert, in particular if it uses the KeyCertificate.certificate_check_validity method.

 

 

I basically need to be able to toggle on and off whether F5 will accept a particular certificate. I am not entirely sure how this is achieved through the KeyCertificate interface.

 

 

If I were to use KeyCertificate.delete_from_bundle() to make F5 reject a cert, then what would be the inverse operation? Also, assuming the inverse operation is a KeyCertificate.certificate_add_file_to_bundle, correct me if I am wrong, then this sounds like I would need to manage a copy of the cert for the import.