Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

Check for server certificate revocation



We are planning to upgrade BIG-IP 13.x to 14.x, but if we upgrade to 14.x, users will ge popup of "Revocation information for the secuirty certificate for theis site is not available. Do you want to proceed?"

From F5 support, we got advince that if Internet option "Check for server certificate revocation" is disabled, the popup can be avoided. It surely can be avoided with it, but many of our user uses unmanaged hardened device and users cannot change internet option settings. 

On the VS, private server certificate is used. All deivces has corresponding client certificate. We import CRL from private CA every half hour by using follwoing command line on BIG-IP.

tmsh modify /sys file ssl-crl [CRL name] source-path [URL for CRL]

I guess that the popup is shown because it is private certificates. THe popup can be avoided by some setting on BIG-IP side?