Forum Discussion

Nimbostratus

Sep 02, 2025

Expired client-certificate

Does F5 BIG-IP revoke expired client-certificates automatically? If not, is it possible without iRules/APM? Thanks Christian

configuration

JoseLabra

MVP

Sep 04, 2025

Hello

I assume we're talking about an SSL certificate from the client-side SSL profile.

It's not possible. If a certificate is expired, I assume the IT team has already noticed this and uploaded the new SSL certificate, and the change won't take more than 5 minutes. Service validations can take longer depending on the type of service.

Now, it can be automated with REST APIs and Python, but it's a more complex issue, and for automation purposes, it might be a good option.

I'll be happy to answer your questions.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Expired client-certificate

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

F5 i-series Guests to r-series tenants migration

F5 CNF/SPK/BNK and etc. support for Custom URL classifications/apps/IPS signatures?

expandsSubcollections and filtering in F5 SDK

Building new F5 replica

F5 upgrades

Related Content

HTTPS Routing based on Client Certificates values with F5 Distributed Cloud

BIG-IQ Client Certificate (PKI) Authentication

SSL Client Certification Alert 46 Unknown CA

Thumbprint of the client ssl certificate

Slack Mutual TLS Recipe: Adding X-Client-Certificate-SAN header from client certificate

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS