When does ISE need to download CRL from HTTP server or LDAP server?

Herman2018
Level 3

Hi, can anyone please advise in which scenarios ISE needs to download the CRL from the server? What is the purpose of a CRL? Thanks in advance.

3 Replies

Mike.Cifelli
VIP Alumni
Hi, can anyone please advise in which scenarios ISE needs to download the CRL from the server?
- ISE can/should use CRLs to determine validity of certificate status. An example would be a certificate used in EAP-TLS for authentication purposes. You would want to verify that the cert is trusted and valid.
What is the purpose of a CRL?
- Provides a downloadable list of revoked certificates. This list contains certs that the issuing CA has revoked before the scheduled expiration date and should no longer be trusted.
Lastly, AFAIK keep in mind that ISE cannot use delta CRLs.
HTH!
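
The CRL check described in the reply above, as an added example that is not part of the original post and is not ISE's own code: a Python sketch using the `cryptography` library that verifies a CRL against the issuing CA before looking up a certificate serial. The lab CA name, serial numbers, clock value and the function names `build_crl`, `check_revocation` and `demo` are constructed for illustration; rejecting a CRL that carries the delta CRL indicator models a consumer that only handles full CRLs.

```python
import datetime as dt
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

NOW = dt.datetime(2024, 1, 10, tzinfo=dt.timezone.utc)  # constructed clock

def build_crl(ca_key, issuer, revoked_serials, delta=False):
    """Constructed sample CRL signed by a throwaway lab CA key."""
    b = (x509.CertificateRevocationListBuilder().issuer_name(issuer)
         .last_update(NOW - dt.timedelta(days=1))
         .next_update(NOW + dt.timedelta(days=6)))
    for serial in revoked_serials:
        b = b.add_revoked_certificate(
            x509.RevokedCertificateBuilder().serial_number(serial)
            .revocation_date(NOW - dt.timedelta(days=2)).build())
    if delta:  # mark as a delta CRL (critical extension per RFC 5280)
        b = b.add_extension(x509.DeltaCRLIndicator(1), critical=True)
    return b.sign(ca_key, hashes.SHA256())

def check_revocation(crl, ca_pub, issuer, serial, now=NOW):
    """Return 'good', 'revoked', or the reason the CRL cannot be relied on."""
    if crl.issuer != issuer or not crl.is_signature_valid(ca_pub):
        return "crl-untrusted"
    try:
        crl.extensions.get_extension_for_class(x509.DeltaCRLIndicator)
        return "delta-crl-unsupported"  # full CRLs only
    except x509.ExtensionNotFound:
        pass
    if hasattr(crl, "next_update_utc"):  # cryptography >= 42
        nxt = crl.next_update_utc
    else:  # older releases return naive UTC
        nxt = crl.next_update and crl.next_update.replace(tzinfo=dt.timezone.utc)
    if nxt is None or now > nxt:
        return "crl-stale"
    hit = crl.get_revoked_certificate_by_serial_number(serial)
    return "revoked" if hit is not None else "good"

def demo():
    key, rogue = (ec.generate_private_key(ec.SECP256R1()) for _ in range(2))
    ca = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Constructed Lab CA")])
    pub, base = key.public_key(), build_crl(key, ca, [0x1001])
    return {
        "revoked": check_revocation(base, pub, ca, 0x1001),
        "good": check_revocation(base, pub, ca, 0x2002),
        "stale": check_revocation(base, pub, ca, 0x2002, now=NOW + dt.timedelta(days=30)),
        "delta": check_revocation(build_crl(key, ca, [0x2002], delta=True), pub, ca, 0x2002),
        "forged": check_revocation(build_crl(rogue, ca, []), pub, ca, 0x1001),
    }
```

A CRL past its next-update time or signed by a key other than the CA's gives no usable answer, which is why the function reports those cases separately from "good".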

Thanks, @Mike.Cifelli. If we don't use a CRL and change the certificate manually, is that also OK?

 

I am not sure I follow your question. In your ISE trust store you can configure whether or not to use an OCSP profile or CRL download for the respective certificates.