Last Modified: Jun 28, 2025
Affected Product(s):
BIG-IP APM
Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4, 15.1.10.5, 15.1.10.6, 16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3, 16.1.5, 16.1.5.1, 16.1.5.2, 16.1.6, 17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4, 17.1.2, 17.1.2.1, 17.1.2.2
Opened: Sep 26, 2024
Severity: 4-Minor
The APM AAA CRLDP cache can be used even after the CRL's nextUpdate timestamp; if certificates are revoked and published on the CRLDP server, they may not be reflected in the APM CRLDP cache if the CRLDP server is down.
If certificates are revoked and published on the CRLDP server while that server is not reachable from APM, an older local CRLDP cache may be used, which does not reflect the latest changes on the CRLDP server.
(1) APM AAA CRLDP configuration. (2) APM can reach the CRLDP server, download CRL, and build a local CRL cache initially, but the CRLDP server remains unreachable later.
Make sure that the CRLDP server is reachable from APM.
None
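A monitoring check for the condition described above, added here as an example (not F5 code): it reads the output of `openssl crl -noout -lastupdate -nextupdate` for a copy of the CRL and flags a cache that is past nextUpdate while the CRLDP server cannot be reached. The sample output, the function names and the OK/WARN/ALERT levels are assumptions made for this example.

```python
from datetime import datetime, timezone

# Constructed sample of `openssl crl -noout -lastupdate -nextupdate` output.
SAMPLE = "lastUpdate=Sep 26 00:00:00 2024 GMT\nnextUpdate=Oct  3 00:00:00 2024 GMT\n"
SAMPLE_NO_NEXT = "lastUpdate=Sep 26 00:00:00 2024 GMT\nnextUpdate=NONE\n"

def parse_crl_times(openssl_text):
    """Return {'lastUpdate': dt|None, 'nextUpdate': dt|None} from openssl output."""
    times = {}
    for line in openssl_text.splitlines():
        key, sep, value = line.partition("=")
        key = key.strip()
        if not sep or key not in ("lastUpdate", "nextUpdate"):
            continue
        value = " ".join(value.split())  # openssl pads single-digit days: "Oct  3"
        if value == "NONE":              # printed when the CRL carries no nextUpdate
            times[key] = None
        else:
            parsed = datetime.strptime(value, "%b %d %H:%M:%S %Y GMT")
            times[key] = parsed.replace(tzinfo=timezone.utc)
    return times

def assess_cache(openssl_text, crldp_reachable, now):
    """Hypothetical policy: (level, detail) for a cached CRL at time `now` (UTC)."""
    next_update = parse_crl_times(openssl_text).get("nextUpdate")
    if next_update is None:
        return ("ALERT", "no nextUpdate: freshness of the cached CRL cannot be shown")
    if now <= next_update:
        return ("OK", f"cached CRL is valid until {next_update.isoformat()}")
    overdue = now - next_update
    if crldp_reachable:
        return ("WARN", f"cached CRL is {overdue} past nextUpdate; a refresh is due")
    # The case in this bug report: stale cache and no way to refresh it.
    return ("ALERT", f"cached CRL is {overdue} past nextUpdate and the CRLDP server "
                     "is unreachable; recent revocations may be missing")

if __name__ == "__main__":
    now = datetime(2024, 10, 5, 12, 0, tzinfo=timezone.utc)
    for reachable in (True, False):
        print(reachable, *assess_cache(SAMPLE, reachable, now))
```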