Revoked Cert in CRL not logging

Question

I have a authentication profile CRLDP server set that uses an LDAP instance to check the client cert presented against the LDAP CRL. This works fine and revoked certificates do not successfully handshake. 
However I don't seem to get any logs of a revoked certificate being presented.&nbsp;
I thought I may need an iRule to accomplish this but after playing around with X509::verify_cert_error_string and SSL::verify_result I'm stuck. I keep getting an OpenSSL verify value of 0 X509_V_OK when I expect at least one to be 23 X509_V_ERR_CERT_REVOKED&nbsp;
Has anyone got an iRule that successfully logs this info?&nbsp;
PS.I'd prefer not to abandon the authentication profile in favour of an Access Policy profile.&nbsp;
Thanks&nbsp;

ilian_ivanov · Answer

Hello,&nbsp;
I am not sure what should be the correct event for iRule here, but another solution is to increase the logging level for SSL from "System  ››  Logs : Configuration : Options". Debug is the highest level but is not recommended to use it in production if you have a lot of SSL traffic. You can try with notice or informatinal first.&nbsp;
Regards&nbsp;

Forum Discussion

Revoked Cert in CRL not logging

Recent Discussions

Which process is consuming higher CPU

F5 Health Monitor Receive String as JSON

Background Tasks

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Related Content

Revoke and Reuse the F5 license

Logging DNS Requests

Use Kubernetes Cert-Manager to Maintain Let's Encrypt Certificates

SSL-Cert

ASM logs

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS