Forum Discussion

Cirrostratus

May 10, 2017

Why we CRL? OCSP?

I am wondering, Why we check client certificate using CRL? or OCSP? Since i am holding the Public Certicate and private ket in my f5 box? Client are just accessing my website? How client certific...

Cirrocumulus

May 10, 2017

You just use that to check if the certificate still valid or not. If you are not doing client authentication, there is nothing to check.

Check this articles, as it has diagrams showing the different types of SSL handshake.

https://devcentral.f5.com/articles/ssl-profiles-part-1

On the other hand, the client itself (most likely a browser), will use some kind of validation to check that the certificate still valid, can be one of those methods or not.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Why we CRL? OCSP?

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Cisco TACACS+ Config on ISE LTM Pair

iRule causing requests to be duplicated (sometimes)

SSL Bridging and FQDN rewrite Policy

How can I get started with iCall

Checking for X-Forwarded-For against an Address Data-Group

Related Content

Building an OpenSSL Certificate Authority - Configuring CRL and OCSP

Configuring OCSP Stapling on BIG-IP

OCSP Responder

OCSP through an outbound explicit proxy

OCSP: Bad Request

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS