My ACS is performing EAP-TLS for users, but when I enable CRL download checking
authentication fails, I've tried converting the crl file to pem format but that doesn't work.
Yet I can download and read CRL from my browser,
ACS 5.4 introduces a new protocol, Online Certificate Status Protocol (OCSP), which is used to check the status of x.509 digital certificates. This protocol can be used as an alternate to the Certificate Revocation List (CRL). It can also address the issues that result in handling CRLs. For more information, see the Working with OCSP Services section in User Guide for Cisco Secure Access Control System 5.4.