Forum Discussion

Cirrus

Mar 06, 2024

Solved

Dynamic CRL Check with Client SSL Profile - How to notify the user?

Hi, we have implemented dynamic CRL checking with client SSL profile in our test environment with BIG-IP 15.1. And it works. If a test user tries to establish a SSL session to a VIP with dynam...

Kevin_Stewart
Apr 09, 2024
Spit-balling here, but do you have Client Certificate auth set to Request or Require? The latter will terminate the session if validation fails. The former will not.

Kevin_Stewart

Employee

Apr 09, 2024

Spit-balling here, but do you have Client Certificate auth set to Request or Require? The latter will terminate the session if validation fails. The former will not.

SMilanic
Cirrus
Apr 09, 2024
Hi Kevin,
Yes, in fact, setting the Client cert auth to "Request" instead of "Require" solved the problem.
When the Client cert auth is set to "Request", we can catch the result in an iRule and redirect the client's browser to an error page.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Dynamic CRL Check with Client SSL Profile - How to notify the user?

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

HA Failover between two Datacenters

LTM issue Openning new web browser tab

F5 asm/awaf

Cannot ping external interface

AST Configuration Assistance

Related Content

SSL Profiles Part 8: Client Authentication

OAuth 2.0 Dynamic Client Registration

Client SSL Profile

JA4 Part 2: Detecting and Mitigating Based on Dynamic JA4 Reputation

Client vs Server SSL profile

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS