ltm auth ssl-crldpΒΆ

ltm auth ssl-crldp(1)	      BIG-IP TMSH Manual	 ltm auth ssl-crldp(1)



NAME
       ssl-crldp - Configures a Secure Socket Layer (SSL) Certificate
       Revocation List Distribution Point (CRLDP) configuration object for
       implementing SSL CRLDP to manage certificate revocation.

MODULE
       ltm auth

SYNTAX
       Configure the ssl-crldp component within the ltm auth module using the
       syntax shown in the following sections.

   CREATE/MODIFY
	create ssl-crldp [name]
	modify ssl-crldp [name]
	  options:
	    cache-timeout [integer]
	    connection-timeout [integer]
	    description [string]
	    servers
	      [add | delete | replace-all-with] {
		[ip address ... ]
	    }
	    servers [default | none]
	    update-interval [integer]
	    use-issuer [disabled | enabled]

	edit ssl-crldp [ [ [name] | [glob] | [regex] ] ... ]
	  options:
	    all-properties
	    non-default-properties

   DISPLAY
	list ssl-crldp
	list ssl-crldp [ [ [name] | [glob] | [regex] ] ... ]
	show running-config ssl-crldp
	show running-config ssl-crldp
	  [ [ [name] | [glob] | [regex] ] ... ]
	  options:
	    all-properties
	    non-default-properties
	    one-line
	    partition

   DELETE
	delete ssl-crldp [name]

DESCRIPTION
       CRLDP authentication is a mechanism for checking certificate revocation
       status for client connections passing through the system. This module
       is useful when your authentication data is stored on a remote CRLDP
       server.

       To implement a CRLDP authentication module and create an SSL CRLDP
       configuration object:

       1. Use the crldp-server component, in the ltm auth module, to create a
       CRLDP server.
       2. Use the ssl-crldp component in the ltm auth module to configure a
       CRLDP configuration object that references the server you created in
       Step 1.
       3. Use the profile component in the ltm auth module to create an
       authentication profile in which you specify the following options:
	    a. For the configuration option, specify the SSL CRLDP
	    configuration object that you created in Step 2.
	    b. For the defaults-from option, specify a parent profile (either
	    the default profile named ssl_crldp or another custom profile that
	    you created).

EXAMPLES
       create ssl-crldp my_auth_ssl-crldp

       Creates an SSL CRLDP configuration object named my_auth_ssl-crldp.

       delete ssl-crldp my_auth_ssl-crldp

       Deletes the SSL CRLDP configuration object named my_auth_ssl-crldp.

OPTIONS
       cache-timeout
	    Specifies the number of seconds that CRLs are cached. The default
	    value is 86400 (24 hours).

       connection-timeout
	    Specifies the number of seconds before the connection times out.
	    The default value is 15.

       description
	    User defined description.

       glob Displays the items that match the glob expression. See help glob
	    for a description of glob expression syntax.

       name Specifies a unique name for the component. This option is required
	    for the commands create, delete, and modify.

       partition
	    Displays the administrative partition within which the component
	    resides.

       regex
	    Displays the items that match the regular expression. The regular
	    expression must be preceded by an at sign (@[regular expression])
	    to indicate that the identifier is a regular expression. See help
	    regex for a description of regular expression syntax.

       servers
	    Specifies a host name or IP address for the secure CRLDP server.
	    This option is required. The default value is none.

       update-interval
	    Specifies an update interval for CRL distribution points that
	    ensures that CRL status is checked at regular intervals,
	    regardless of the CRL timeout value. This helps to prevent CRL
	    information from becoming outdated before the BIG-IP system checks
	    the status of a certificate. The default value is 0 (zero), which
	    indicates an internal default value is active.

       use-issuer
	    Specifies whether the system extracts the CRL distribution point
	    from the client certificate. The default value is disabled.

SEE ALSO
       create, delete, edit, glob, list, ltm auth profile, ltm auth crldp-
       server, ltm virtual, modify, regex, show, tmsh

COPYRIGHT
       No part of this program may be reproduced or transmitted in any form or
       by any means, electronic or mechanical, including photocopying,
       recording, or information storage and retrieval systems, for any
       purpose other than the purchaser's personal use, without the express
       written permission of F5 Networks, Inc.

       F5 Networks and BIG-IP (c) Copyright 2008-2013, 2016. All rights
       reserved.



BIG-IP				  2016-03-14		 ltm auth ssl-crldp(1)