F5 LTM V11 CRL file uploading Error

A few things:

1. If you have a Windows 2008 R2 server in your environment, then you already have a reasonable efficient OCSP responder. Otherwise there are several free and open source OCSP servers for Linux.

    

2. CRLDP requires an intial client request to initiate the CRL download. That's why the first client may stall.

    

3. The LTM CRLDP authentication profile also has the 4mb file limitation (I believe), and I'm not 100% certain where LTM keeps this file (assuming in memory or mysql).

    

4. CRLDP (LTM or APM) currently requires LDAP access to the CRLDP. No HTTP. That means that the client certificate CRLDP field either needs to be a complete ldap:// URL, or in DirName format.

    

Otherwise, CRLDP does work and is reliable.