For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Mark_22062's avatar
Mark_22062
Icon for Nimbostratus rankNimbostratus
May 18, 2012

CRLDP LDAP no Hostname

Our internal CA is AD based, with CDP configured with http URI and ldap URI. When trying to use CRLDP it errors out because the ldap URI entry in the certificate has no hostname (under Windows if there is no hostname it assumes AD).

 

 

Rather than rejigging the PKI infrastructure is there some way to intercept this with iRules and insert a hostname? OCSP is another possibility but would require deployment of some more servers.

 

BIG-IP Access Policy Manager (APM)
remote access
security

4 Replies

  • ccb's avatar
    ccb
    Icon for Employee rankEmployee
    Jun 13, 2012
    Hi Mark,

     

     

    Did you manage to find a solution?

     

  • KC_106957's avatar
    KC_106957
    Icon for Nimbostratus rankNimbostratus
    Jul 04, 2012
    Hi Mark,

     

     

    I think you can add an extra ldap URI with hostname without rejigging your KPI infrastructure. ldap://hostname/...

     

     

    My windows admin changed it for me, the only problem I have is that during the client SSL authentication phase the LTM/APM tell's me that the client certificate is self signed by my internal Root CA.

     

     

    How did you overcome this in your setup?

     

     

    Thanx,

     

     

    Kees
  • Mark_van_D's avatar
    Mark_van_D
    Icon for Cirrostratus rankCirrostratus
    Jul 20, 2012
    Hi Kees,

     

     

    I haven't made any progress on this.

     

     

    Cheers

     

    Mark