Dynamic OCSP and CRLDP check for SSL Client Authentication

Dear,

 

I have a use case where a virtual server is configured with a client ssl profile and client authentication is enabled.

 

The client certificates can be signed by any CA in a bundle that is assigned to the profile as well.

 

We want to enable the revocation status check based on the information of the certificate, it can be either CRLDP or OCSP.

 

There are some configuration objects in "Local Traffic >> Profiles >> Authentication" but these profiles need static URLs for the CRLDP and OCSP.

 

I also read that this is based on the ACA module that has been deprecated.

 

So I would assume that the only solution would be the APM module, but I would like to get a clear answer if possible.

 

Thanks a lot.

 

Abdessamad