How to understand "Update CRL" field in LTM's Certificate Authority profile?

Question

Hi,&nbsp;
I am wondering, how should I understand the CRL related fields in LTM's CA profile (Local Traffic &gt; Profiles &gt; SSL &gt; Certificate Authority)? I cannot find any documentation for this profile.&nbsp;
I would like to use this CA profile in APM's machine certificate check and make sure that machines with revoked certificates are denied access to APM resources.&nbsp;
I understand that the "Certificate Revocation List (CRL)" field defines a static CRL file stored locally which I previously created under System &gt; File Management &gt; SSL Certificate List.&nbsp;
But using CRL without a periodic and automatic update does not make sense.&nbsp;
But I am struggling to understand what exactly would LTM do if I check the "Update CRL" checkbox under CA profile. How would LTM update this CRL? Where would it get the information for this update from? Would it read the CRL location URL from the certificate and try to access it? &nbsp;
Anybody has an idea on how this is meant to work? &nbsp;

martin_vlasko · Answer

Actually I found the solution. I removed the CRL settings from Local Traffic CA profile and instead, created APM policy action CRLDP Authentication. This item forces APM policy to make a dynamic CRL check on the fly, exactly what I needed.

Forum Discussion

How to understand "Update CRL" field in LTM's Certificate Authority profile?

1 Reply

Recent Discussions

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

Related Content

Understanding Server SSL Trusted Certificate Authorities on BIG-IP

Understanding iApps

Understanding IPSec IKEv1 negotiation on Wireshark

Understanding IPSec IKEv2 negotiation on Wireshark

Understanding Modern Application Architecture - Part 1