
midhun_108442
Sep 26, 2013

How to configure CRL in F5

Hi,

I have uploaded a CRL file to the /config/ssl/ssl.crl directory. How do I now configure this file in the client profile?

Kindly help me with this.

Regards, Midhun P.K

 

8 Replies

  • If you did it correctly, it should show up in the drop-down list under the client auth section at "Certificate Revocation List (CRL)". If that only says None, you might have done something wrong. What TMOS version are you using?

     

    PS: please delete your double post.

     

  • thanks for your reply,

     

    The F5 version is 10.2.4. I uploaded the file to the F5 using WinSCP and converted the file to .pem format using the command below:

    openssl crl -inform DER -outform PEM -in certcrl.crl -out certcrl.pem

    Below is the list of files in the ssl.crl directory:

    ssl.crl ls -la
    total 27
    drwxr-xr-x 2 root root 1024 Sep 25 16:11 .
    drwxr-xr-x 6 root root 1024 Apr 25 2012 ..
    -rw-r--r-- 1 root root 11318 Sep 25 15:49 gcacomb.pem

    But it still does not show up in the drop-down list.

     


  • saw this in a script, might help you:

     

    bigpipe profile clientssl demo-clientssl crl file demo.pem

     

  • Do you have System > File Management available in the GUI? If so I'd suggest you download the converted file to your PC and reupload using the GUI to ensure it's recognised.

     

    Thanks for letting me know about the double post Boneyard :)

     

  • Thanks Boneyard, it works with the script.

     

    Version 10.2.4 doesn't have the System > File Management option. Thanks for your reply.

     

    • Gicu_337843

      Hello everybody. Please help me to install a CRL file on BIG-IP F5 version 13.

       

      • Import a CRL

        A certificate revocation list (CRL) is a list of certificates that have been revoked. The PEM CRL format uses the header and footer lines as follows:

         -----BEGIN X509 CRL-----
         
            [encoded data]
         
         -----END X509 CRL-----

        BIG-IP 13.x and later
        To import a CRL file using the Configuration utility, perform the following procedure:

        Impact of procedure: Performing the following procedures should not have a negative impact on your system.

        1. Log in to the Configuration utility.
        2. Go to System > Certificate Management > Traffic Certificate Management > CRL Files.
        3. Select Import.
        4. For CRL File Name, enter a name for the file.
        5. For CRL File Source, select either Upload File or Paste Text.
        6. Select Import.

        BIG-IP 11.x - 12.x
        To import a CRL file using the Configuration utility, perform the following procedure:

        Impact of procedure: Performing the following procedures should not have a negative impact on your system.

        1. Log in to the Configuration utility.
        2. Go to System > File Management > SSL Certificate List.
        3. Select Import.
        4. In the Import Type list, select Certificate Revocation List.
        5. For Certificate Revocation List Name, enter a name for the file.
        6. For Certificate Revocation List Source, select either Upload File or Paste Text.
        7. Select Import.
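
A pre-import check for the PEM CRL format described above, as an added example that is not part of the original thread or of F5's documentation: it tells a PEM CRL apart from a DER file or a PEM object of another type, and converts DER with the `openssl crl` command quoted earlier in the thread. The function names `crl_format` and `crl_to_pem` and the sample files are assumptions constructed for illustration.

```bash
#!/bin/bash
# Pre-import check for a CRL file (added example; function names are hypothetical).

# Print the encoding of FILE: pem-crl, pem-other, der or unknown.
crl_format() {
    local f=$1 first
    if grep -q '^-----BEGIN X509 CRL-----' "$f" &&
       grep -q '^-----END X509 CRL-----' "$f"; then
        echo pem-crl                 # header and footer the import expects
    elif grep -q '^-----BEGIN ' "$f"; then
        echo pem-other               # PEM, but a certificate, key, etc.
    else
        first=$(head -c 1 "$f" | od -An -tx1 | tr -d ' \n')
        # DER objects start with an ASN.1 SEQUENCE tag (0x30); openssl
        # decides in crl_to_pem whether the bytes really are a CRL.
        if [ "$first" = 30 ]; then echo der; else echo unknown; fi
    fi
}

# Write a PEM copy of IN to OUT, converting from DER when needed.
crl_to_pem() {
    case "$(crl_format "$1")" in
        pem-crl) tr -d '\r' < "$1" > "$2" ;;   # drop CRLF from Windows transfers
        der)     openssl crl -inform DER -outform PEM -in "$1" -out "$2" ;;
        *)       echo "not a CRL: $1" >&2; return 1 ;;
    esac
}

# Demo on constructed files (placeholder bytes, not real CRLs).
demo_dir=$(mktemp -d)
printf -- '-----BEGIN X509 CRL-----\r\nQUJD\r\n-----END X509 CRL-----\r\n' > "$demo_dir/crl.pem"
printf -- '-----BEGIN CERTIFICATE-----\nQUJD\n-----END CERTIFICATE-----\n' > "$demo_dir/cert.pem"
printf '\060\202\001\000' > "$demo_dir/crl.der"
for f in crl.pem cert.pem crl.der; do
    echo "$f: $(crl_format "$demo_dir/$f")"
done
```

On a real file, `openssl crl -in FILE -noout -lastupdate -nextupdate` then shows whether the converted CRL parses and whether it is still current.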