ltm auth ssl-crldp
ltm auth ssl-crldp(1) BIG-IP TMSH Manual ltm auth ssl-crldp(1)
NAME
ssl-crldp - Configures a Secure Socket Layer (SSL) Certificate
Revocation List Distribution Point (CRLDP) configuration object for
implementing SSL CRLDP to manage certificate revocation.
MODULE
ltm auth
SYNTAX
Configure the ssl-crldp component within the ltm auth module using the
syntax shown in the following sections.
CREATE/MODIFY
create ssl-crldp [name]
modify ssl-crldp [name]
options:
cache-timeout [integer]
connection-timeout [integer]
description [string]
servers
[add | delete | replace-all-with] {
[ip address ... ]
}
servers [default | none]
update-interval [integer]
use-issuer [disabled | enabled]
edit ssl-crldp [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
DISPLAY
list ssl-crldp
list ssl-crldp [ [ [name] | [glob] | [regex] ] ... ]
show running-config ssl-crldp
show running-config ssl-crldp
[ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
one-line
partition
DELETE
delete ssl-crldp [name]
DESCRIPTION
CRLDP authentication is a mechanism for checking certificate revocation
status for client connections passing through the system. This module
is useful when your authentication data is stored on a remote CRLDP
server.
To implement a CRLDP authentication module and create an SSL CRLDP
configuration object:
1. Use the crldp-server component, in the ltm auth module, to create a
CRLDP server.
2. Use the ssl-crldp component in the ltm auth module to configure a
CRLDP configuration object that references the server you created in
Step 1.
3. Use the profile component in the ltm auth module to create an
authentication profile in which you specify the following options:
a. For the configuration option, specify the SSL CRLDP
configuration object that you created in Step 2.
b. For the defaults-from option, specify a parent profile (either
the default profile named ssl_crldp or another custom profile that
you created).
EXAMPLES
create ssl-crldp my_auth_ssl-crldp
Creates an SSL CRLDP configuration object named my_auth_ssl-crldp.
delete ssl-crldp my_auth_ssl-crldp
Deletes the SSL CRLDP configuration object named my_auth_ssl-crldp.
OPTIONS
cache-timeout
Specifies the number of seconds that CRLs are cached. The default
value is 86400 (24 hours).
connection-timeout
Specifies the number of seconds before the connection times out.
The default value is 15.
description
User defined description.
glob Displays the items that match the glob expression. See help glob
for a description of glob expression syntax.
name Specifies a unique name for the component. This option is required
for the commands create, delete, and modify.
partition
Displays the administrative partition within which the component
resides.
regex
Displays the items that match the regular expression. The regular
expression must be preceded by an at sign (@[regular expression])
to indicate that the identifier is a regular expression. See help
regex for a description of regular expression syntax.
servers
Specifies a host name or IP address for the secure CRLDP server.
This option is required. The default value is none.
update-interval
Specifies an update interval for CRL distribution points that
ensures that CRL status is checked at regular intervals,
regardless of the CRL timeout value. This helps to prevent CRL
information from becoming outdated before the BIG-IP system checks
the status of a certificate. The default value is 0 (zero), which
indicates an internal default value is active.
use-issuer
Specifies whether the system extracts the CRL distribution point
from the client certificate. The default value is disabled.
SEE ALSO
create, delete, edit, glob, list, ltm auth profile, ltm auth crldp-
server, ltm virtual, modify, regex, show, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or
by any means, electronic or mechanical, including photocopying,
recording, or information storage and retrieval systems, for any
purpose other than the purchaser's personal use, without the express
written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008-2013, 2016. All rights
reserved.
BIG-IP 2016-03-14 ltm auth ssl-crldp(1)