07-22-2019 12:38 AM
Hi all,
If the CRL Distribution URL isn't available, it's possible to tell ISE to retain the current CRL in a cached state. This doesn't persist between reboots.
Is there any time limit on how long the CRL is cached and used for subsequent authentications, or is it perpetual until either the CDP is accessible or until the ISE node is rebooted?
Thanks!
Solved! Go to Solution.
07-22-2019 04:27 PM
Correct.
07-22-2019 06:09 AM
See the option "Ignore that CRL is not yet valid or expired" in Edit Certificate Settings
07-22-2019 02:18 PM
Hi,
So if the effective dates of the CRL are ignored, the ISE nodes will maintain the CRL in cache indefinitely until the node is reset?
07-22-2019 04:27 PM
Correct.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: