Forum Discussion
How to understand "Update CRL" field in LTM's Certificate Authority profile?
Hi,
I am wondering, how should I understand the CRL related fields in LTM's CA profile (Local Traffic > Profiles > SSL > Certificate Authority)? I cannot find any documentation for this profile.
I would like to use this CA profile in APM's machine certificate check and make sure that machines with revoked certificates are denied access to APM resources.
I understand that the "Certificate Revocation List (CRL)" field defines a static CRL file stored locally which I previously created under System > File Management > SSL Certificate List.
But using CRL without a periodic and automatic update does not make sense.
But I am struggling to understand what exactly would LTM do if I check the "Update CRL" checkbox under CA profile. How would LTM update this CRL? Where would it get the information for this update from? Would it read the CRL location URL from the certificate and try to access it?
Anybody has an idea on how this is meant to work?
- Martin_VlaskoAltocumulus
Actually I found the solution. I removed the CRL settings from Local Traffic CA profile and instead, created APM policy action CRLDP Authentication. This item forces APM policy to make a dynamic CRL check on the fly, exactly what I needed.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com