Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
698
Views
0
Helpful
3
Replies

ISE 2.4: Can you configure multiple "CRL Distribution URL"s per trusted certificate?

Go to solution
Nadav
Level 7
Level 7

‎07-03-2019 07:12 AM

Hi everyone,

 

If I'd like to check more than one FQDN for a CRL prior to authenticating a trusted certificate, is this supported? As far as I can tell the documentation doesn't define this field as a list but as a single URL. 

 

Example:  myCDP1.mydomain.com/CRL.crl, myCDP2.mydomain.com/CRL.crl

 

Thanks!

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee

‎07-03-2019 12:25 PM

This is not currently support. I got validation error when attempting to squeeze in multiple URIs into a single text field.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
hslai
Cisco Employee
Cisco Employee

‎07-03-2019 12:25 PM

This is not currently support. I got validation error when attempting to squeeze in multiple URIs into a single text field.

0 Helpful

Go to solution
Nadav
Level 7
Level 7
In response to hslai

‎07-04-2019 02:01 PM

Thanks for the quick reply.

 

That's unfortunate, it can mean a single point of failure for any communication based on that trusted certificate (including dot1x and secure syslog).

 

Any idea how this can be remediated without a load balancer? 

0 Helpful

Go to solution
hslai
Cisco Employee
Cisco Employee
In response to Nadav

‎07-04-2019 02:46 PM

I think it possible to do DNS load balancing or AnyConnect, although I have not personally configured either.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents