Disable certificate revocation checking

Question

I would like to be able to ignore revoked SSL server certificates for certain outbound HTTPS connections. The CA that issued those certificates is under my control. So my first thought was to create a local/static CRL (from my CA) that contained no revoked certificate serial numbers. Then I created a Server SSL profile which used that CRL in the Server Authentication section, and applied that profile to virtual server used for the outbound connection.

The outbound connection worked fine until I revoked the server certificate. Now I get a "SSL Handshake failed" error during the connection attempt. So the F5 is clearly not using the local CRL.

Am I misundertanding the purpose of a local CRL?

Is there another/better way to accomplish this?

Forum Discussion

Disable certificate revocation checking

Recent Discussions

Which process is consuming higher CPU

F5 Health Monitor Receive String as JSON

Background Tasks

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Related Content

Revocation Status in HTTP Request Header

Bypass certificate check

Validate Certificate Common Name and Revocation Status

Automating ACMEv2 Certificate Management on BIG-IP

Check for server certificate revocation

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS