JoeTheFifth
May 25, 2011
Altostratus
F5 SSL CRL Config
Hi Guys,
I'm new here. Just registered today. I'm not an F5 expert but I use the Virtual edition in my SharePoint private test lab.
We have come across an issue in our work test lab. Here are the details.
I would like your point of view or recommendations on how to solve this:
We have two SharePoint servers behind an F5 appliance. We configured an SSL profile to upgrade the SharePoint sites to HTTPS.
We have the root+intermediate+webapplication certificates (all the chain) on the F5. Everything is working great BUT when I try to edit a work file from the SharePoint site I get a revocation check request.
Our test lab is not connected to the internet and some of our production clients are not connected to the internet.
If we uncheck the box in IE (check server certificate) the message disappears.
We don't want this message to appear for our clients and we don't want to touch IE config.
Question: is it possible to make the F5 appliance supply the revocation list for our clients? I read that configuring CRL per profile is possible, but I'm not sure if it's intended only for use by the F5 appliance to check the certificate revocation list for itself, or if this config can be published to clients so they can check the CRL on the appliance instead of trying the hard-coded URL (VeriSign: http://SVRSecure-G3-crl.verisign.com/SVRSecureG3.crl) in the certificate. Something along the lines of the intermediate certificate config.
Here is the link which talks about CRL config: http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm_configuration_guide_10_1/ltm_ssl_profiles.html1298333
Your feedback, please. Thanks.