APM CRL checking
Hello.
I'm working with APM and using On-demand client certificate auth with policy type - request, because I want to have a fallback rule in case of certificate validation failure.
So, according to http://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm_config_10_2_0/apm_config_clientcert_auth.html: "You should not configure CRL updates if you are using the Access Policy Manager to generate and issue On-Demand Certificates to users (using either a self-signed client root CA certificate, or a client root CA certificate from a trusted CA). In this case the Access Policy Manager manages CRLs internally."
But it seems it's not working. I have a certificate with a public CRL in it, like http://CA/revoke.crl, and I can resolve this address through BIG-IP, but if I revoke some cert it's still valid for authentication, so I assume that the CRL isn't checked. So how do I set up CRL checking for APM if I have only the URL where the CRL file is located and cannot provide LDAP CRLDP or OCSP?