CRL for SSL Client Profile

Question

Hi,&nbsp;
&nbsp;I have configured SSL Client Profile (clientssl) with Certificate Revocation List (CRL) which has all the revoked certificate list. And assigned this profile to virtual server. When I access that virtual server using revoked ssl client certificate, F5 is accepting that certificate. Do I need to add any rule to check for SSLClientCertStatus header?&nbsp;
&nbsp;Please help me...&nbsp;
&nbsp;Thanks,
&nbsp;Bhargav

colin_walker_12 · Answer

This sounds like something that would most likely be handled best by our Professional Services team. I don't believe there's any additional rule logic needed, but I'd create a case with them to diagnose the problem to ensure everything is configure properly Click here.&nbsp;
&nbsp;Colin

bhargav_9588 · Answer

It worked after adding [X509::verify_cert_error_string [SSL::verify_result]] in iRule.&nbsp;
&nbsp;http://devcentral.f5.com/wiki/default.aspx/iRules/InsertCertInServerHeaders.html&nbsp;
&nbsp;Thanks,
&nbsp;Bhargav

Forum Discussion

CRL for SSL Client Profile

Recent Discussions

Diameter iRules attachment?

Source IP F5 DNS Zone Forwarder

F5 BIG-IP

BIG-IP Oauth Client and AS

How to Renew F5 Device Certificate

Related Content

Client SSL Profile

Dynamic CRL Check with Client SSL Profile - How to notify the user?

Client vs Server SSL profile

Building an OpenSSL Certificate Authority - Configuring CRL and OCSP

F5 BIG-IP Advanced WAF – DOS profile configuration options.

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS