Forum Discussion
Alexander_Poly1
Nov 06, 2018Altocumulus
Is it possible to use CRLDP in Server SSL Profile?
Hello,
I need to check backend server’s certificates before processing client request. I am using option in «SSL Server Profile» named Server “Server Certificate > Require». All works fine but I need to check the Certificate Revocation. In «SSL Server Profile» I have found 2 options: 1.“Certificate Revocation List (CRL)» - that mean using static, manually uploaded file 2.“OCSP”
Is it possible to use CRLDP in Server SSL Profile?
- Kevin_StewartEmployee
Yes in BIG-IP v13.1 and above. You have three options in the server SSL profile:
- OCSP - performs OCSP stapling if available or direct OCSP query if the server certificate contains an OCSP responder URL in its AIA field.
- CRL File - revocation checking based on a locally-imported CRL file.
- CRL - uses the CRLDP attribute in the certificate to fetch a remote CRL.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects