Forum Discussion

ChrisLlanes's avatar
ChrisLlanes
Icon for Nimbostratus rankNimbostratus
Mar 29, 2022

Disable certificate revocation checking

I would like to be able to ignore revoked SSL server certificates for certain outbound HTTPS connections. The CA that issued those certificates is under my control. So my first thought was to create a local/static CRL (from my CA) that contained no revoked certificate serial numbers. Then I created a Server SSL profile which used that CRL in the Server Authentication section, and applied that profile to virtual server used for the outbound connection.

The outbound connection worked fine until I revoked the server certificate. Now I get a "SSL Handshake failed" error during the connection attempt. So the F5 is clearly not using the local CRL.

Am I misundertanding the purpose of a local CRL?

Is there another/better way to accomplish this?

No RepliesBe the first to reply