
ISE 2.4: CRL retention if CRL Distribution URL isn't accessible

Nadav
Level 7

Hi all,

If the CRL Distribution URL isn't available, it's possible to tell ISE to retain the current CRL in a cached state. This doesn't persist between reboots.

Is there any time limit on how long the CRL is cached and used for subsequent authentications, or is it perpetual until either the CDP is accessible or until the ISE node is rebooted?

Thanks!


hslai
Cisco Employee

See the option "Ignore that CRL is not yet valid or expired" in Edit Certificate Settings.

Hi,

So if the effective dates of the CRL are ignored, the ISE nodes will maintain the CRL in cache indefinitely until the node is reset?

hslai
Cisco Employee

Correct.