CRL error

raymondhugh
Level 1

I just noticed that I was not able to connect because there was an expired CRL in my CA chain. After some investigation, it turns out the ACS server can't get the CRL information from the CA server. It was working at one time. Does anyone know what permissions need to be changed to get it to work? I know I can change ACS to ignore CRL errors, but then what would be the point of using CRLs at all? I'm assuming something broke when I was trying to get web enrollment to work by playing with the settings on the CA server. Here is the error from the ACS server:

Message_Code = 33402

Message_Severity = ERROR

Category = CSCOacs_Internal_Operations_Diagnostics

Diagnostic_Info = LastErrorMessage=Failed performing HTTP GET error: 403, Certificate Revocation list Url=http://CAServer/CertEnroll/CA.crl

1 Reply

raymondhugh
Level 1

I found the problem - I had the URL set to require https connection, but ACS does not support that.  Once I unchecked the requirement, it worked.
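
An added example, not part of the original posts and not Cisco code: a small Python triage script that scans ACS diagnostic records in the "Key = Value" layout shown in the question and pulls out every failed CRL download with its HTTP status and URL. The second sample record, the hint wording, and the function names are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

# First record is the one posted in the thread; the second is constructed
# for this example (hypothetical host and path) to show a different status.
SAMPLE_LOG = """\
Message_Code = 33402
Message_Severity = ERROR
Category = CSCOacs_Internal_Operations_Diagnostics
Diagnostic_Info = LastErrorMessage=Failed performing HTTP GET error: 403, Certificate Revocation list Url=http://CAServer/CertEnroll/CA.crl

Message_Code = 33402
Message_Severity = ERROR
Category = CSCOacs_Internal_Operations_Diagnostics
Diagnostic_Info = LastErrorMessage=Failed performing HTTP GET error: 404, Certificate Revocation list Url=http://ca2.example/pki/sub.crl
"""

# Hints are this example's wording, not ACS output.
HINTS = {
    403: "server refused the GET: check access rules and any require-SSL setting on the CRL path",
    404: "no CRL published at this path",
}
CRL_ERR = re.compile(r"HTTP GET error:\s*(\d{3}),\s*Certificate Revocation list Url=(\S+)")

def parse_records(text):
    """Yield one dict per record; a new record starts at each Message_Code line."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(" = ")
        if not sep:
            continue
        if key.strip() == "Message_Code" and record:
            yield record
            record = {}
        record[key.strip()] = value.strip()
    if record:
        yield record

def crl_failures(text):
    """Return one finding per record that reports a failed CRL download."""
    findings = []
    for record in parse_records(text):
        m = CRL_ERR.search(record.get("Diagnostic_Info", ""))
        if m:
            status, url = int(m.group(1)), m.group(2)
            findings.append({"code": record.get("Message_Code"), "status": status,
                             "url": url, "host": urlsplit(url).hostname,
                             "hint": HINTS.get(status, "reproduce the GET from the ACS host")})
    return findings

if __name__ == "__main__":
    for f in crl_failures(SAMPLE_LOG):
        print(f)
```
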