Forum Discussion

Nimbostratus

Sep 02, 2025

Expired client-certificate

Does F5 BIG-IP revoke expired client-certificates automatically? If not, is it possible without iRules/APM? Thanks Christian

configuration

JoseLabra

MVP

Sep 04, 2025

Hello

I assume we're talking about an SSL certificate from the client-side SSL profile.

It's not possible. If a certificate is expired, I assume the IT team has already noticed this and uploaded the new SSL certificate, and the change won't take more than 5 minutes. Service validations can take longer depending on the type of service.

Now, it can be automated with REST APIs and Python, but it's a more complex issue, and for automation purposes, it might be a good option.

I'll be happy to answer your questions.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Expired client-certificate

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Not seeing the latest F5OS-A when running Journeys

Related Content

BIG-IQ Client Certificate (PKI) Authentication

SSL Client Certification Alert 46 Unknown CA

HTTPS Routing based on Client Certificates values with F5 Distributed Cloud

Slack Mutual TLS Recipe: Adding X-Client-Certificate-SAN header from client certificate

Thumbprint of the client ssl certificate

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS