Why we CRL? OCSP?

Question

I am  wondering, Why we check client certificate using CRL? or OCSP?
Since i am  holding the Public Certicate and private ket in my f5 box? 
Client are just accessing my website?  How client certificate if compromised , it will breach my web server security?&nbsp;

leonardo_souza · Answer

You just use that to check if the certificate still valid or not.
If you are not doing client authentication, there is nothing to check.&nbsp;
Check this articles, as it has diagrams showing the different types of SSL handshake.&nbsp;
https://devcentral.f5.com/articles/ssl-profiles-part-1&nbsp;
On the other hand, the client itself (most likely a browser), will use some kind of validation to check that the certificate still valid, can be one of those methods or not.&nbsp;

Forum Discussion

Why we CRL? OCSP?

Recent Discussions

Default retry time inband monitor

how to monitor the axfr master response

Http / https health monitor issue

I used the wrong email account when take Application Delivery Exam (101)

F5 looses the token for the first call

Related Content

Building an OpenSSL Certificate Authority - Configuring CRL and OCSP

Configuring OCSP Stapling on BIG-IP

OCSP Responder

OCSP through an outbound explicit proxy

OCSP: Bad Request

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS