11-13-2002 07:45 AM - edited 03-09-2019 01:03 AM
I'm configuring a number of devices with site-to-site VPNs, using Microsoft Windows 2000 Certificate Services to provide the certificates.
I have got the connections up and running successfully; however, when downloading the CRL I find that it does not contain the revoked certificates - hence the VPNs stay active.
Has anyone experienced similar problems, or have any suggestions as to a solution?
Many thanks, Matt
11-26-2002 08:38 AM
Maybe this URL might be of some help to you:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080087cc2.html
11-26-2002 08:56 AM
The default time period for a CRL list on Microsoft servers is one week. So unless you publish a new CRL list from the server, you will continue to get the old CRL list until the server automatically publishes a new CRL list. Nothing on IOS that you can do about that, as it's a server configuration. On your revoked section, right-click and publish a new CRL list. The router will then get the updated CRL list on the next cert connection. You might have to do a crypto ca crl request on the router to get that pulled down. But as the above link stated, make sure you're running 12.2.8T or above.
Kurtis Durrett
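The timing window discussed in this thread, as an added Python model (not part of the original posts and not Cisco or Microsoft code): a revocation only takes effect once the CA publishes a new CRL and the router replaces its cached copy. The class names, the serial 0x1A, and the assumption that the router keeps its cached CRL until nextUpdate are illustrative.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

@dataclass(frozen=True)
class CRL:
    this_update: datetime
    next_update: datetime
    revoked: frozenset            # serials listed at publication time

@dataclass
class CA:
    validity: timedelta = timedelta(days=7)   # one-week default named in the thread
    revoked: set = field(default_factory=set)
    published: CRL = None

    def revoke(self, serial):
        self.revoked.add(serial)  # recorded in the CA database only, not yet in a CRL

    def publish(self, now):
        # Snapshot of the revoked set; this is what the distribution point serves.
        self.published = CRL(now, now + self.validity, frozenset(self.revoked))

@dataclass
class Router:
    ca: CA
    cached: CRL = None

    def crl_request(self):
        self.cached = self.ca.published       # models a forced CRL download

    def peer_allowed(self, serial, now):
        # Assumption: the cached CRL is reused until its nextUpdate has passed.
        if self.cached is None or now >= self.cached.next_update:
            self.crl_request()
        return serial not in self.cached.revoked

def timeline():
    t0, day = datetime(2002, 11, 13), timedelta(days=1)   # constructed dates
    ca = CA()
    ca.publish(t0)
    rtr = Router(ca)
    out = {"before_revoke": rtr.peer_allowed(0x1A, t0)}
    ca.revoke(0x1A)                                        # revoked, CRL not republished
    out["revoked_unpublished"] = rtr.peer_allowed(0x1A, t0 + day)
    ca.publish(t0 + 2 * day)                               # manual publish on the CA
    out["published_router_cached"] = rtr.peer_allowed(0x1A, t0 + 2 * day)
    rtr.crl_request()                                      # forced refresh on the router
    out["after_crl_request"] = rtr.peer_allowed(0x1A, t0 + 2 * day)
    return out

if __name__ == "__main__":
    print(timeline())
```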