Forum Discussion
Andy_McGrath
Dec 06, 2018Cumulonimbus
CRL checking can be done within the SSL profile but does not automatically update the CRL file which needs to be loaded on to the F5. However, I wrote an iCall script solution to this issue which also doesn't put devices within a none auto sync device group out of sync.
iCall CRL update with Route Domains and Auto-Sync
For OCSP checking, and doing it correctly, you need APM I do not know of another way to do this other than maybe with iRules LX but not look at it in enough detail to say for sure. So APM is your best option if you really want to use OCSP for revocation checking.