Forum Discussion

Cirrostratus

May 10, 2017

Why we CRL? OCSP?

I am wondering, Why we check client certificate using CRL? or OCSP? Since i am holding the Public Certicate and private ket in my f5 box? Client are just accessing my website? How client certific...

Cirrocumulus

May 10, 2017

You just use that to check if the certificate still valid or not. If you are not doing client authentication, there is nothing to check.

Check this articles, as it has diagrams showing the different types of SSL handshake.

https://devcentral.f5.com/articles/ssl-profiles-part-1

On the other hand, the client itself (most likely a browser), will use some kind of validation to check that the certificate still valid, can be one of those methods or not.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Why we CRL? OCSP?

Jeff - May 2026 Featured F5er

AppWorld Berlin 2026 – iRules Contest Winning Results

One Quick Step to Make your website AI-Agent/MCP Ready with an iRule

Recent Discussions

certitcate error

Layered ASM for APM login page protection

migrate from serie I to R. Cluster LTM-GTM

APM URL encoding Hardening?

Trial License for F5 virtual edition in eve-ng

Related Content

Building an OpenSSL Certificate Authority - Configuring CRL and OCSP

Configuring OCSP Stapling on BIG-IP

OCSP Responder

OCSP through an outbound explicit proxy

OCSP: Bad Request

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS