Rising star

ISE 2.4: CRL retention if CRL Distribution URL isn't accessible

Hi all,

If the CRL Distribution URL isn't available, it's possible to tell ISE to retain the current CRL in a cached state. This doesn't persist between reboots.

Is there any time limit on how long the CRL is cached and used for subsequent authentications, or is it perpetual until either the CDP is accessible or until the ISE node is rebooted?

Thanks!

1 ACCEPTED SOLUTION

Cisco Employee

Re: ISE 2.4: CRL retention if CRL Distribution URL isn't accessible

Correct.

3 REPLIES
Cisco Employee

Re: ISE 2.4: CRL retention if CRL Distribution URL isn't accessible

See the option "Ignore that CRL is not yet valid or expired" in Edit Certificate Settings.

Rising star

Re: ISE 2.4: CRL retention if CRL Distribution URL isn't accessible

Hi,

So if the effective dates of the CRL are ignored, the ISE nodes will maintain the CRL in cache indefinitely until the node is reset?

Cisco Employee

Re: ISE 2.4: CRL retention if CRL Distribution URL isn't accessible

Correct.