Forum Discussion

Cirrostratus

May 10, 2017

Why we CRL? OCSP?

I am wondering, Why we check client certificate using CRL? or OCSP? Since i am holding the Public Certicate and private ket in my f5 box? Client are just accessing my website? How client certific...

Cirrocumulus

May 10, 2017

You just use that to check if the certificate still valid or not. If you are not doing client authentication, there is nothing to check.

Check this articles, as it has diagrams showing the different types of SSL handshake.

https://devcentral.f5.com/articles/ssl-profiles-part-1

On the other hand, the client itself (most likely a browser), will use some kind of validation to check that the certificate still valid, can be one of those methods or not.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Why we CRL? OCSP?

F5 Academies Are Back – And We’re Coming to a City Near You

Introducing the F5 Application Study Tool (AST)

Recent Discussions

About F5 idle timeout and keep-alive

Problem with sending BotDefense logs to remote server

OSPF traps on BIG-IP v14

[APM] - How to clear the cached certificate for specific url

Fireeye AX integration with F5 via API.

Related Content

Building an OpenSSL Certificate Authority - Configuring CRL and OCSP

Configuring OCSP Stapling on BIG-IP

OCSP Responder

OCSP through an outbound explicit proxy

OCSP: Bad Request

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS