https://community.cisco.com/t5/network-access-control/crl-error/m-p/1727770#M232682 <P>I just noticed that I was not able to connect because there was na expired CRL in my CA chain.&nbsp; After some investigation, it turns out the ACS server can't get the CRL information from the CA server.&nbsp; It was working at one time.&nbsp; Does anyone know what permissions need to be changed to get it to work?&nbsp; I know I can change ACS to ignore CRL erorrs, but then what would be the point of using CRLs at all?&nbsp; I'm assuming something broke when I was trying to get web enrollment to work by playing with the settings on the CA server.&nbsp; Here is the error from the ACS server:</P><P></P><P>Message_Code = 33402 </P><P>Message_Severity = ERROR </P><P>Category = CSCOacs_Internal_Operations_Diagnostics </P><P><SPAN>Diagnostic_Info = LastErrorMessage=Failed performing HTTP GET error: 403, Certificate Revocation list Url=</SPAN><A class="jive-link-external-small" href="http://CAServer/CertEnroll/CA.crl" target="_blank">http://CAServer/CertEnroll/CA.crl</A></P> Mon, 11 Mar 2019 01:11:31 GMT raymondhugh 2019-03-11T01:11:31Z https://community.cisco.com/t5/network-access-control/crl-error/m-p/1727770#M232682 <P>I just noticed that I was not able to connect because there was na expired CRL in my CA chain.&nbsp; After some investigation, it turns out the ACS server can't get the CRL information from the CA server.&nbsp; It was working at one time.&nbsp; Does anyone know what permissions need to be changed to get it to work?&nbsp; I know I can change ACS to ignore CRL erorrs, but then what would be the point of using CRLs at all?&nbsp; I'm assuming something broke when I was trying to get web enrollment to work by playing with the settings on the CA server.&nbsp; Here is the error from the ACS server:</P><P></P><P>Message_Code = 33402 </P><P>Message_Severity = ERROR </P><P>Category = CSCOacs_Internal_Operations_Diagnostics </P><P><SPAN>Diagnostic_Info = LastErrorMessage=Failed performing HTTP GET error: 403, Certificate Revocation list Url=</SPAN><A class="jive-link-external-small" href="http://CAServer/CertEnroll/CA.crl" target="_blank">http://CAServer/CertEnroll/CA.crl</A></P> Mon, 11 Mar 2019 01:11:31 GMT https://community.cisco.com/t5/network-access-control/crl-error/m-p/1727770#M232682 raymondhugh 2019-03-11T01:11:31Z https://community.cisco.com/t5/network-access-control/crl-error/m-p/1727771#M232728 <HTML><HEAD></HEAD><BODY><P>I found the problem - I had the URL set to require https connection, but ACS does not support that.&nbsp; Once I unchecked the requirement, it worked.</P></BODY></HTML> Tue, 28 Jun 2011 13:44:08 GMT https://community.cisco.com/t5/network-access-control/crl-error/m-p/1727771#M232728 raymondhugh 2011-06-28T13:44:08Z