Forum Discussion

Nimbostratus

Oct 01, 2013

Dynamic CRL check on APM

Hi there! I am trying to get a certificate authentication working on a BigIP APM. Certificates coming from two different CAs must be able to authenticate. CRLs must are fetched using HTTP. ...

BIG-IP Access Policy Manager (APM)

design

security

Kevin_Stewart

Employee

Oct 01, 2013

As you've probably noticed, APM supports OCSP and CRLDP for certificate revocation checking. OCSP is an HTTP/OCSP call to a remote service and does not require direct access to the CRL, while CRLDP fetches the remote CRL (as defined in the certificate) and compares it locally. Currently, the CRLDP mechanism only supports LDAP-based retrieval.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)