Hi Aaron,
We are not using the advanced client auth license. Also the provider doesn't support OCSP.
We also opent a case by F5 and they replied with the following
-------------------------------------------------------------------------------------------------------
Creating an aggregate CRL file
If you need to revoke certificates from more than one CA, you can create an aggregate CRL file simply by concatenating the CRL files from each CA.
For example, if you have a CRL file generated by a commercial CA, commercial_crl.pem, and another CRL file generated by a home-grown OpenSSL CA, openssl_crl.pem, you can combine these into a single CRL file as follows:
Windows:
copy commercial_crl.pem + openssl_crl.pem crl.pem
UNIX:
cat commercial_crl.pem openssl_crl.pem > crl.pem
-------------------------------------------------------------------------------------------------------
I concatenated the two CRL files to one aggregated file and loaded it into the SSL client profile.
It works for both client certificates........., but I still have to test it with client certificates that are revoked (I'm waiting for the provider to provide me two certificates that are revoked)
Hille