Forum Discussion

Altocumulus

Aug 10, 2022

CRL Validator

From v15.1 onwards client SSL profiles support CRL validator objects as per this bug report: Bug ID 743758 (f5.com) I have no experience of CRL Validator. I have just started to read about it, but...

application delivery

security

Martin_Šebek

Altostratus

Feb 05, 2024

I am also concerned about dynamic CRLs. Anyone knows how to clear cached CRL file? Let's assume BIG-IP cached the CRL with Next Update after one week. What if I, for any reason, need to start from scratch and make BIG-IP to fetch the CRL again? I have not found a way how to achieve this.

Kevin Stewart mentioned "You could always run a script to periodically issue a request that triggers a CRL download", but I am not sure how to do it. Even if I create a new CRL under cert-validator (/sys crypto cert-validator crl) and I use it in client-ssl profile, it uses previously cached CRL without tryint to fetch the CRL.

-----------------------------------
Sys::CRL: XXXXXXXXX
-----------------------------------
Total Fetches                     0
Successful Fetches                0
New CRL Fetch Attempts            0
Cached CRL Updates                0
Internal Errors                   0
                                
Connection Errors               
  HTTP Errors                     0
  Timeouts                        0
  Other Failures                  0
                                
Validation Errors               
  Parsing Failures                0
  Verification Errors             0
  Validity Errors                 0
  Other Errors                    0
                                
Total Certificate Status Queries  2
                                
Certificate Status              
  Good                            2
  Revoked                         0
  Unknown                         0

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

CRL Validator

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

After upgrading from PeopleTools 8.59.11 to 8.61.11 F5 APM is not rewriting the internal URLs

F5 BIG IP laboratory license

F5 mssql health monitor failing

How can I get started with iCall

Connection Rest f5

Related Content

POC: Validate JWT with iRule

Building an OpenSSL Certificate Authority - Configuring CRL and OCSP

Implementing SSL Orchestrator - Validation & Troubleshooting

APM Customization: Password Change Validation

Request and validate OAuth / OIDC tokens with APM

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS