Hi guys,
I'm looking for a bit of guidance on how to setup a CRLDP AAA server to use HTTP as I just can't seem to get it right. We are running 11.4.1 HF3 and I have the following options configured for the CRLDP server:
Server Connection: I've specified "Pool" as "Direct" doesn't seem to save the IP address I specify.
Service Port: 80 HTTP
BaseDN: http://server.mydomain.com/CRL/company_issuing_ca_certification_authorities_group_dc_com_crlfile.crl
Cache Timeout: 86400
Use Issuer: Unticked
Allow Null CRL: Unticked
Verify Signature: Enabled
Connection Timeout: 15 seconds
Update Interval: 0 seconds
The error I'm getting in the APM log files is as follows:
May 10 17:17:02 F5APMDEVICE debug apd[19971]: 01490000:7: modules/Authentication/Crldp/CrldpAuthModule.cpp func: "setCrldpResponseStatus()" line: 795 Msg: Crldp Response Status: Bad HTTP response status
May 10 17:17:02 F5APMDEVICE warning apd[19971]: 0149015e:4: abcf0b23: CRLDP Auth agent: CRL lookup failed for LDAP url 'http://server.mydomain.com/CRL/company_issuing_ca_certification_authorities_group_dc_com_crlfile.crl' reason 'Bad HTTP response status'
May 10 17:17:02 F5APMDEVICE warning apd[19971]: 01490148:4: abcf0b23: CRLDP Auth agent: Failure status 'Bad HTTP response status'
May 10 17:17:02 F5APMDEVICE debug apd[19971]: 01490012:7: abcf0b23: CRLDP agent: LEAVE Function executeInstance
The LDAP error seems to suggest it isn't actually attempting to connect to the distribution point via HTTP. Where am I going wrong here?
Thanks
Peter