10-25-2019 05:57 AM
Hello team,
I have a question from a client regarding CRL and OCSP. My client is a large bank in Germany.
On the CRL site, they don't support a full CRL, only an incremental CRL, which is currently not supported on ISE.
Is the support of incremental CRL currently on the roadmap and if so, in what version?
The second question is about OCSP. According to CSCve74792 / CSCvh85637 we only support HTTP 1.0 and this is not accepted by the bank. Does anyone know when newer versions will be supported?
Thanks
Stephan
10-25-2019 01:34 PM
Hi @sgottsch
I think it's also documented that ISE does not look at the Trusted Cert's CDP (CRL Delivery Point) to find the CRL URL - this is unfortunate. It would be a handy feature. The workaround is to tediously hand code those URLs.
If you look at the ISE logs closely, you might also notice (or I did with ISE 2.3/2.4) that ISE does try to interpret the CDP and then chokes on the LDAP URLs - in Microsoft environments the CA often (by default) creates the CRL and publishes the LDAP path. I have not checked whether this is still an issue with the latest ISE versions.
10-25-2019 07:48 PM
@Arne Bier Thanks for the great info.
The course of action for the customer is to log issues via defects. Also provide feedback to product management.