F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

mshafiq99_32052's avatar
mshafiq99_32052
Icon for Nimbostratus rankNimbostratus
May 11, 2017

OCSP and CRL

I would like to ask if it is possible to authenticate clients using OCSP and CRL concurrently. We started off with a private CA which supports OCSP based authentication. We have now purchased a cloud...
application delivery
iRules
LTM
Leonardo_Souza's avatar
Leonardo_Souza
Icon for Cirrocumulus rankCirrocumulus
May 11, 2017

It should work with LTM. APM also provides similar functionality.

 

However, you need a license for that:

 

https://support.f5.com/csp/article/K14768

 

For OCSP, here is the manual to setup:

 

https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-11-6-0/44.html

 

For CRL, if you just want the CRL, you can setup that in the client ssl profile. You should not need a license for that.

 

If you are looking for CRLDP, you do need the same license as OCSP. Here is the manual for that:

 

https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-11-6-0/40.html