Bug ID 571408: Step-Up Auth cannot validate SSL certificate revocations

Last Modified: Apr 19, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3,,,,,,,, 12.1.4,, 12.1.5,,,, 12.1.6

Fixed In:

Opened: Feb 02, 2016
Severity: 3-Major


CRLDP Auth and OCSP Auth are not available in the subroutine policies.


On Demand Cert Auth will validate that the certificate was validly signed by the certificate authority. But for full feature support, we should also be able to check if the certificate authority has revoked the certificate. That is the role of CRLDP Auth and OCSP Auth, but the agents are not currently available.


The subroutines have On Demand Cert Auth, but do not have CRLDP Auth or OCSP Auth available.



Fix Information

The CRLDP Auth and OCSP Auth agents have been added to the subroutines.

Behavior Change