Check for server certificate revocation
We are planning to upgrade BIG-IP 13.x to 14.x, but if we upgrade to 14.x, users will ge popup of "Revocation information for the secuirty certificate for theis site is not available. Do you want to proceed?"
From F5 support, we got advince that if Internet option "Check for server certificate revocation" is disabled, the popup can be avoided. It surely can be avoided with it, but many of our user uses unmanaged hardened device and users cannot change internet option settings.
On the VS, private server certificate is used. All deivces has corresponding client certificate. We import CRL from private CA every half hour by using follwoing command line on BIG-IP.
tmsh modify /sys file ssl-crl [CRL name] source-path [URL for CRL]
I guess that the popup is shown because it is private certificates. THe popup can be avoided by some setting on BIG-IP side?