ACS 4.1 (1.3) for windows CRL problem

e.bayon · ‎11-12-2009

I've configured new CA in the Certification trusted list, when I go to the CRL configuring menu, and I check the "CRL in use" and I push over the "submit" label to activate it, I always receive the same message: Failed to retrieve or verify CRL. Verify the CRL Distribution URL.

The message from de ADM.log is the next:

CRL: CRL: failed to find an issuer's certificate for crl C:\Archivos de programa\CiscoSecure ACS v4.1\CRL\acs1(12-11-2009@16-30-14).crl

The CRL Distribution URL is:http://10.252.252.4/crl.crl

Nevertheless, If I do a Remote terminal session to the 2K3 windows server where the Cisco ACS software is installed, and try to open an I.e. session to the same URL where the crl file is allocated, I can download perfectly.

This procedure needs to be OK,in order to perform a EAP-TLS session with wireless client against external LDAP data base.

Where is my mistake?

Regards

ansalaza · ‎11-12-2009

"Might" be hitting:

CSCsg61729 - ACS fails to find an issuer's certificate for CRL list uploaded from CDP

ACS will sometimes take the CRL pointer from the root certificate, even if the CRL URL is configured to point to a different system.

Do you already have the CA installed in ACS?

e.bayon · ‎11-13-2009

Yes I have installed the certificate in ACS application (CTL) and the W2k3 server I.e content tools menu.

The CA is not a Microsoft Certs Server is a Autonomous server wich is istalled a software to generate certificates

I want to use this certificate only for EAP-TLS connections purpose, because the ACS web page is certicated with Cisco ACS self signed certificate. Could it be the problem?

e.bayon · ‎02-27-2012

IT was fixed.

tfelmly · ‎10-25-2012

Can you please share the fix with me? We are having the same issue using Go Daddy.

Thank you,

Todd