OCSP and CRL

Question

I would like to ask if it is possible to authenticate clients using OCSP and CRL concurrently. We started off with a private CA which supports OCSP based authentication. We have now purchased a cloud based solution from Entrust. The design for the Entrust cloud based solution mandates that we use CRL for the authentication. I have to support existing OCSP and newer CRL clients. I would like to ask if it is possible to configure the LTM to support both methods concurrently. We are running LTM version 11.6.

leonardo_souza · Answer

It should work with LTM.
APM also provides similar functionality.&nbsp;
However, you need a license for that:&nbsp;
https://support.f5.com/csp/article/K14768&nbsp;
For OCSP, here is the manual to setup:&nbsp;
https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-11-6-0/44.html&nbsp;
For CRL, if you just want the CRL, you can setup that in the client ssl profile.
You should not need a license for that.&nbsp;
If you are looking for CRLDP, you do need the same license as OCSP.
Here is the manual for that:&nbsp;
https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-11-6-0/40.html&nbsp;

Forum Discussion

OCSP and CRL

Recent Discussions

Diameter iRules attachment?

Source IP F5 DNS Zone Forwarder

F5 BIG-IP

BIG-IP Oauth Client and AS

How to Renew F5 Device Certificate

Related Content

Building an OpenSSL Certificate Authority - Configuring CRL and OCSP

Configuring OCSP Stapling on BIG-IP

OCSP Responder

OCSP through an outbound explicit proxy

OCSP: Bad Request

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS