topic CRL and OCSP are both part of in Wireless

Cisco WLC EAP-TLS configuration

cisco-eurocem — Mon, 05 Jul 2021 08:49:01 GMT

I need help. I'm trying to configure virtual WLC for EAP-TLS authentication. I configured that, but I don't know where I can set CRL (certificate revocation list) or OCSP (Online Certificate Status Protocol). I must to use this technolodgy for deny access for laid-off employees.

Please refer to the link for

Abhishek Abhishek — Wed, 29 Oct 2014 05:04:10 GMT

Please refer to the link for configuring Cisco WLC EAP-TLS-

http://mrncciew.com/2013/04/22/configuring-eap-tls-on-wlc/

Thanks, but I saw this post.

cisco-eurocem — Wed, 29 Oct 2014 06:07:39 GMT

Thanks, but I saw this post. The question about CRL and OCSP is open.

as far as i know, they are

gabriel.barrios — Tue, 06 Jan 2015 08:42:37 GMT

as far as i know, they are embedded into the properties of each certificate. Look for the details of it.

it will be your RADIUS (NPS, ISE or WLC if doing the end tunnel termination) the one that request the CRL via http or ldap.

hope it helps

CRL and OCSP are both part of

Matthew Peterman — Wed, 07 Jan 2015 22:06:36 GMT

CRL and OCSP are both part of the certificate itself. Your CA must add the URL for these services when the cert is generated. The WLC does not get configured with the URL for these services. The WLC simply knows the Radius Server IP(s) and has the root cert installed so it can handle the TLS authentication.