
ISE 2.4: CRL retention if CRL Distribution URL isn't accessible

Nadav
Rising star

Hi all,

If the CRL Distribution URL isn't available, it's possible to tell ISE to retain the current CRL in a cached state. This doesn't persist between reboots.

Is there any time limit on how long the CRL is cached and used for subsequent authentications, or is it perpetual until either the CDP is accessible or until the ISE node is rebooted?

Thanks!

hslai
Cisco Employee

See the option "Ignore that CRL is not yet valid or expired" in Edit Certificate Settings

Hi,

So if the effective dates of the CRL are ignored, the ISE nodes will maintain the CRL in cache indefinitely until the node is reset?

hslai
Cisco Employee

Correct.
