CRL - File Format - Updating

Question

Hey All,&nbsp;
&nbsp;We're looking to implement client certificate authentication and use a CRL.&nbsp;
&nbsp;1 - Updating the CRL file on a regular basis - best to do with a cron job?&nbsp;
&nbsp;2 - The CRL we are getting from the Cert Authority is in a .crl format.  Since the LTM requires it to be a PEM formatted file, how would we go about doing that.  All previous attempts to do so via Openssl have been unsuccessful.&nbsp;
&nbsp;Thanks in advance.

luke_lehman · Answer

Solved.&nbsp;
&nbsp;.crl format is actually DER format.  The openssl syntax that I had wasn't correct.&nbsp;
&nbsp;bad syntax:   openssl crl -in .crl -outform PEM -out .pem
&nbsp;good syntax: openssl crl -inform der -in .crl -out .pem&nbsp;
&nbsp;Still looking for suggestions as to if a cron job is the best / safest way to obtain the CRL.&nbsp;
&nbsp;Thanks.

Forum Discussion

CRL - File Format - Updating

Recent Discussions

AS3 Limitations

Unable to install firmware OS and drop at 10%

Statistics ›› Analytics : HTTP : Overview

How to Renew F5 Device Certificate

F5 ASM CEF Sending Logs in Specific TimeZone

Related Content

Updating SSL Certificates on BIG-IP using REST API

X509 Subject Formatting

Upcoming Action Required: F5 NGINX Plus R33 Release and Licensing Update

Auditing Security Policy Updates

Converting a Cisco ACE configuration file to F5 BIG-IP Format

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS