Is it possible to use CRLDP in Server SSL Profile?

Question

Hello,&nbsp;
I need to check backend server’s certificates before processing client request. I am using option in «SSL Server Profile» named Server “Server Certificate &gt; Require». All works fine but I need to check the Certificate Revocation. In «SSL Server Profile» I have found 2 options: 
1.“Certificate Revocation List (CRL)» - that mean using static, manually uploaded file 
2.“OCSP”&nbsp;
Is it possible to use CRLDP in Server SSL Profile?&nbsp;

kevin_stewart · Answer

Yes in BIG-IP v13.1 and above. You have three options in the server SSL profile:&nbsp;
OCSP - performs OCSP stapling if available or direct OCSP query if the server certificate contains an OCSP responder URL in its AIA field.CRL File - revocation checking based on a locally-imported CRL file.CRL - uses the CRLDP attribute in the certificate to fetch a remote CRL.

Forum Discussion

Is it possible to use CRLDP in Server SSL Profile?

1 Reply

Recent Discussions

minimum tmos software version for connect CIS (openshift)

security patch release

redirect not working

Reliable resources for identifying IP addresses

Could not connect to SMTP host.

Related Content

Server Profile SNI

LTM Diameter iRules and Profile Configurations with Support for Server Initiated Request

SSL Profiles

Server Side Profile not show the certificate

F5 Distributed Cloud Origin Server Subset Rules