cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

ISE 2.4: Can you configure multiple "CRL Distribution URL"s per trusted certificate?

Nadav
Rising star
Rising star

Hi everyone,

 

If I'd like to check more than one FQDN for a CRL prior to authenticating a trusted certificate, is this supported? As far as I can tell the documentation doesn't define this field as a list but as a single URL. 

 

Example:  myCDP1.mydomain.com/CRL.crl, myCDP2.mydomain.com/CRL.crl

 

Thanks!

1 ACCEPTED SOLUTION

Accepted Solutions

hslai
Cisco Employee
Cisco Employee

This is not currently support. I got validation error when attempting to squeeze in multiple URIs into a single text field.

View solution in original post

3 REPLIES 3

hslai
Cisco Employee
Cisco Employee

This is not currently support. I got validation error when attempting to squeeze in multiple URIs into a single text field.

Thanks for the quick reply.

 

That's unfortunate, it can mean a single point of failure for any communication based on that trusted certificate (including dot1x and secure syslog).

 

Any idea how this can be remediated without a load balancer? 

hslai
Cisco Employee
Cisco Employee

I think it possible to do DNS load balancing or AnyConnect, although I have not personally configured either.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: