Bug ID 571408: Step-Up Auth cannot validate SSL certificate revocations

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1

Fixed In:
13.0.0

Opened: Feb 02, 2016
Severity: 3-Major

Symptoms

CRLDP Auth and OCSP Auth are not available in the subroutine policies.

Impact

On Demand Cert Auth will validate that the certificate was validly signed by the certificate authority. But for full feature support, we should also be able to check if the certificate authority has revoked the certificate. That is the role of CRLDP Auth and OCSP Auth, but the agents are not currently available.

Conditions

The subroutines have On Demand Cert Auth, but do not have CRLDP Auth or OCSP Auth available.

Workaround

None

Fix Information

The CRLDP Auth and OCSP Auth agents have been added to the subroutines.

Behavior Change