Alexander_Poly1
Nov 06, 2018

Is it possible to use CRLDP in Server SSL Profile?

Hello,

I need to check backend server's certificates before processing client requests. I am using the option in "SSL Server Profile" named "Server Certificate > Require". All works fine, but I need to check certificate revocation. In "SSL Server Profile" I have found 2 options:

1. "Certificate Revocation List (CRL)" - that means using a static, manually uploaded file
2. "OCSP"

Is it possible to use CRLDP in Server SSL Profile?

  • Yes, in BIG-IP v13.1 and above. You have three options in the server SSL profile:

    • OCSP - performs OCSP stapling if available or direct OCSP query if the server certificate contains an OCSP responder URL in its AIA field.
    • CRL File - revocation checking based on a locally-imported CRL file.
    • CRL - uses the CRLDP attribute in the certificate to fetch a remote CRL.
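
Which of the three options can work for a given backend depends on what its certificate carries in the CRLDP and AIA extensions. The following is an added example, not part of the original thread and not F5 code: it reads the text printed by `openssl x509 -noout -text` and reports the revocation pointers it finds. The sample certificate text, the `example.test` URLs and the function names are constructed for illustration.

```python
# Constructed sample: the extensions part of `openssl x509 -noout -text`
# output for a hypothetical backend certificate (example.test is made up).
SAMPLE_FULL = """\
        X509v3 extensions:
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:http://crl.example.test/backend-ca.crl
            Authority Information Access:
                OCSP - URI:http://ocsp.example.test
                CA Issuers - URI:http://ca.example.test/backend-ca.crt
    Signature Algorithm: sha256WithRSAEncryption
"""

# Constructed sample: a certificate that carries no CRLDP and no OCSP URL.
SAMPLE_BARE = """\
        X509v3 extensions:
            Authority Information Access:
                CA Issuers - URI:http://ca.example.test/backend-ca.crt
    Signature Algorithm: sha256WithRSAEncryption
"""


def revocation_pointers(text):
    """Collect CRLDP URLs and AIA OCSP responder URLs from openssl text."""
    found = {"crldp": [], "ocsp": []}
    section = None
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("X509v3 CRL Distribution Points"):
            section = "crldp"
        elif s.startswith("Authority Information Access"):
            section = "aia"
        elif s.startswith(("X509v3 ", "Signature Algorithm")):
            section = None  # any other extension header ends the section
        elif section == "crldp" and s.startswith("URI:"):
            found["crldp"].append(s[len("URI:"):])
        elif section == "aia" and s.startswith("OCSP - URI:"):
            found["ocsp"].append(s[len("OCSP - URI:"):])
    return found


def profile_options(text):
    """Map the pointers onto the three options listed in the answer."""
    p = revocation_pointers(text)
    return {
        "OCSP (direct query)": bool(p["ocsp"]),  # stapling is not visible here
        "CRL File": True,  # local file, independent of the certificate
        "CRL (CRLDP)": bool(p["crldp"]),
    }
```

A certificate like the second sample leaves only the locally imported CRL file, or OCSP stapling if the server provides it, as a revocation source.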