oops, thanks Aaron. i just noticed CRL in the title. :D
i think you have seen this sol before but just in case.
Certificate Revocation List
The Certificate Revocation List (CRL) setting allows you to specify a CRL that the BIG-IP should use to check revocation status of a certificate prior to authenticating a client.
If you want to use a CRL, you must upload it to the /config/ssl/ssl.crl directory on the BIG-IP system. The name of the CRL file may then be entered in the Certificate Revocation List (CRL) setting dialog box.sol10167: Overview of the Client SSL profile
http://support.f5.com/kb/en-us/solutions/public/10000/100/sol10167.html