Disable certificate revocation checking

Question

I would like to be able to ignore revoked SSL server certificates for certain outbound HTTPS connections. The CA that issued those certificates is under my control. So my first thought was to create a local/static CRL (from my CA) that contained no revoked certificate serial numbers. Then I created a Server SSL profile which used that CRL in the Server Authentication section, and applied that profile to virtual server used for the outbound connection.

The outbound connection worked fine until I revoked the server certificate. Now I get a "SSL Handshake failed" error during the connection attempt. So the F5 is clearly not using the local CRL.

Am I misundertanding the purpose of a local CRL?

Is there another/better way to accomplish this?

chrisllanes · Answer

Thank you Napoleon164. I'll find another way to get this done.

Forum Discussion

Disable certificate revocation checking

Recent Discussions

Transaction looks successful but file not downloading

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

F5 loadbalancer not working

Related Content

Revocation Status in HTTP Request Header

Bypass certificate check

Server Certificate Revocation

Validate Certificate Common Name and Revocation Status

BIG-IP VE license revocation/reuse