cancel
Showing results for 
Search instead for 
Did you mean: 

CRL or OSCP in SSLO

elemzy
Nimbostratus
Nimbostratus

Hi 

Can someone explain to me if and how SSLO does CRL checks? I assume that it should automatically perform these certificate revocation checks on behalf of the client since it proxies the client's connection. Other proxy servers are explicit and clear on what they do and how they do this, but I've struggled to find concise information on how it works on SSLO. 

I see CRL and OSCP check boxes that can be configured in SSL configuration in SSLO GUI, but I struggle to understand how this will work since each public webserver indicates its OCSP responder or CRL DP.  

Any help on how SSLO does certificate revocation checks, or if it has to be manually configured, will be appreciated.

3 REPLIES 3

MaximeA
Nimbostratus
Nimbostratus

Hello Elemzy,

I hope I'm not out of line. I had seen in the link below https://clouddocs.f5.com/training/community/sslviz/html/archive3/module1/lab05.html a brief explanation of the CRL and OSCP options in the SSL Configurations.

Best Regards,
Maxime AUDRAIN

elemzy
Nimbostratus
Nimbostratus

Thanks, Kevin,

Configured OCSP as described but it doesn't work with my test site "revoked[.]badssl[.]com". Still waiting for F5 support to help figure out why.