Core issue
This is a new feature. The ASA/PIX is not able to validate WebVPN/SSL VPN Client certificates using OCSP as the certificate revocation list (CRL) method in ASA 7.2(1) and above.
Resolution
OCSP, which provides an alternative to CRL for obtaining the revocation status of X.509 digital certificates, is only supported for IPsec clients in ASA 7.2(1) and above..
Refer to OCSP for more details.