Client Certificate Validity

Question

Hi,&nbsp;
&nbsp;I had configured F5 to insert SSL Client Certiificate in HTTP Headers that mentioned in http://devcentral.f5.com/Default.aspx?tabid=53&amp;forumid=5&amp;view=topic&amp;postid=13667. &nbsp;
&nbsp;Now I would like to add a Certificate Validity/Revocation check before inserting certificate into HTTP Headers. I don't want to insert certificate in http headers if it is expired or revoked by CA. Does anyone know how to do that check using CA CRL?&nbsp;&nbsp;
&nbsp;Thanks in advance
&nbsp;--
&nbsp;Bhargav

bhargav_9588 · Answer

Help Please!!!

joe_hagan_47074 · Answer

Check out this sample&nbsp;
&nbsp;http://devcentral.f5.com/wiki/default.aspx/iRules/InsertCertInServerHeaders.html&nbsp;
&nbsp;The only question I have is how is the SSL session maintained.  Is it suppose to end if the client closes the browser?

bhargav_9588 · Answer

Thanks a lot. It worked.&nbsp;
&nbsp;For your question, Yes it should end the session when client closes the browser.&nbsp;
&nbsp;Currently, I set the timeout to 180.&nbsp;
&nbsp;Thanks,
&nbsp;Bhargav

Forum Discussion

Client Certificate Validity

3 Replies

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

Checking for X-Forwarded-For against an Address Data-Group

SSL Bridging and FQDN rewrite Policy

Cisco TACACS+ Config on ISE LTM Pair

iRule causing requests to be duplicated (sometimes)

Related Content

Automating Certificate Management on F5 BIG-IP

Automating ACMEv2 Certificate Management on BIG-IP

Certificate Automation for BIG-IP using CyberArk Certificate Manager, Self-Hosted

SSL Client Certification Alert 46 Unknown CA

BIG-IQ Client Certificate (PKI) Authentication

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS