Forum Discussion
NimbostratusExpired client-certificate
Does F5 BIG-IP revoke expired client-certificates automatically?
If not, is it possible without iRules/APM?
Thanks
Christian
4 Replies
- Injeyan_Kostas
Nacreous
I suppose you are talking about client cert in client SSL profile.
If the certificate is expired F5 will not accept it anyway.
If you need to revoke a not expired certificate you should use crl or even better oscp.
- Aswin_mk
MVP
Hello Christian,
Your question is not clear. Please correct if you mean the client side or client SSL in F5. if in client SSL profile, F5 will not revoke the certificate automatically.
BR
Aswin - JoseLabra
Hello
I assume we're talking about an SSL certificate from the client-side SSL profile.
It's not possible. If a certificate is expired, I assume the IT team has already noticed this and uploaded the new SSL certificate, and the change won't take more than 5 minutes. Service validations can take longer depending on the type of service.
Now, it can be automated with REST APIs and Python, but it's a more complex issue, and for automation purposes, it might be a good option.
I'll be happy to answer your questions.
- Melissa_C
Moderator
Hello Greifensteiner​,
It appears that there are some answers but they may need some clarification to make sure they are assisting properly. If you could update your post with clarification of your question or if the details that have been provided correctly answered your question marking as solved that would be helpful to other users.
Thank you for posting in our community!
-Melissa
