09-02-2019 11:50 AM
Dear ISE team,
A customer has two CRL servers for redundancy reasons.
Is it possible to direct ISE to two different URLs to download the CRL from?
Regards,
Oren.
Solved! Go to Solution.
09-02-2019 12:02 PM
With OCSP, you can have a primary and secondary. Not with CRL. I would recommend using OCSP if at all possible. It is more efficient and doesn't require ISE to download an entire CRL on an ongoing basis.
09-02-2019 12:02 PM
With OCSP, you can have a primary and secondary. Not with CRL. I would recommend using OCSP if at all possible. It is more efficient and doesn't require ISE to download an entire CRL on an ongoing basis.
09-02-2019 02:51 PM
If you're lucky enough to have a load balancer, then put up a VIP and have the load balancer farm out the CRL download requests to the servers. Perhaps you could even play some tricks with your DNS - use a CNAME that points to both of your servers. That would ensure that in the event of the first A record not responding, the second one would be used. Works quite well in other use cases where we need to use a single FQDN for a system with multiple backend hosts.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide