
ISE not able to download CRL list

umahar
Cisco Employee

We are seeing an "Unable to download CRL" error.

The error below is seen in the details.

However, we are able to retrieve the CRL in our browser using the same HTTP URL.

Any idea what might be wrong?

Does ISE not support CRL retrieval without HTTPS?

1 Accepted Solution

umahar
Cisco Employee

Thanks, it is working now.

Had to bypass the CRL from global proxy setting.

3 Replies

hslai
Cisco Employee

We would need to enable DEBUG on runtime components. Best to open a TAC case, if this is a customer setup.

ISE also supports CRL downloads via clear-text HTTP URLs. In case of HTTPS, the certificate chain would need to be imported into the trusted store, and, if ISE 2.0+, it might need tweaking Administration > System > Settings > Protocols > Security Settings.

umahar
Cisco Employee

Thanks, it is working now.

Had to bypass the CRL from global proxy setting.

I had the same problem recently in ISE 2.4.

It didn't matter if it was HTTP or HTTPS, although different errors were returned in the logs for each.

I had the domain as a wildcard entry in the bypass for the configured proxy.

But it didn't work until I added the full host name, with domain.

Admin>System>Settings>Proxy

With this fixed, it also worked with either http or https.