Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1268
Views
5
Helpful
2
Replies

Maximum CRL Size?

colintulloch
Level 1
Level 1

‎03-15-2016 10:22 AM - edited ‎03-12-2019 12:29 AM

What is the maximum CRL size an ASA can support?  When configuring VPN for certificate authentication, I'd like to do CRL checking, but I've heard from another customer that they hit an issue with CRLs above a few MBs.

Searching, the ONLY thing I've been able to find is a 7 year old post saying; Max 65534 entries, max size 4M

https://supportforums.cisco.com/discussion/10784511/max-crl-size-cisco-asa

1 person had this problem
Labels:
0 Helpful
2 Replies 2

Dinesh Moudgil
Cisco Employee
Cisco Employee

‎03-15-2016 05:26 PM

Hello ,

Thats right. Maximum size of a single CRL: 4Mb and Maximum number of entries within a CRL: 65534

If you are getting close or above the limit, OCSP might be a smarter way than CRL.


Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

colintulloch
Level 1
Level 1
In response to Dinesh Moudgil

‎03-15-2016 06:20 PM

I'm really surprised by this.  Is this for all versions of IOS, even newer versions can't support a larger CRL? 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card