TCC_2

Core issue

This issue is caused by Cisco bug ID CSCeg20752.

With this bug, ACS passes authentication for EAP-TLS users even though their certificate is revoked. Normal authentication of users works fine, but the Certificate Revocation List (CRL) is not downloaded or parsed.

This issue is typically observed in a multi-tiered CA environment where the certificates are issued and revoked on intermediate CAs that are subordinate to the root CA. In this setup, it is not possible to add the intermediate CA to the Certificate Trust List, so ACS does not trust CRLs created by the intermediate CA.

Resolution

The workaround for this issue is to design the CA infrastructure as a standalone CA or to not use CRLs.

In order to resolve this issue, upgrade Cisco Secure ACS to software version 3.3(3.11) or later. In order to download the suggested software version, visit Cisco Downloads.
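
As an added check (not from the original page or from Cisco), the script below builds a constructed two-tier PKI with the OpenSSL CLI, revokes a user certificate on the intermediate CA, and validates it with and without the intermediate CA's CRL; the second result is the rejection a correctly working validator should produce. All subject names, serials and file names are made up, and it assumes `openssl` is on the PATH.

```shell
#!/bin/sh
# Added example: constructed two-tier PKI (root -> intermediate -> user).
# All subject names, serials and file names are made up for this check.
crl_check_demo() (
  d=$(mktemp -d) && cd "$d" || exit 2
  trap 'rm -rf "$d"' EXIT
  q() { "$@" >/dev/null 2>&1; }
  cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca]
default_ca = int
[int]
database = index.txt
private_key = int.key
certificate = int.pem
default_md = sha256
default_crl_days = 7
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  : > index.txt
  # Root CA, then an intermediate CA signed by the root.
  q openssl req -config pki.cnf -x509 -newkey rsa:2048 -nodes -days 30 \
    -extensions v3_ca -subj "/CN=Example Root CA" -keyout root.key -out root.pem
  q openssl req -config pki.cnf -new -newkey rsa:2048 -nodes \
    -subj "/CN=Example Intermediate CA" -keyout int.key -out int.csr
  q openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -set_serial 2 \
    -days 30 -extfile pki.cnf -extensions v3_ca -out int.pem
  # User certificate issued by the intermediate, then revoked there.
  q openssl req -config pki.cnf -new -newkey rsa:2048 -nodes \
    -subj "/CN=eap-tls-user" -keyout user.key -out user.csr
  q openssl x509 -req -in user.csr -CA int.pem -CAkey int.key -set_serial 100 \
    -days 30 -out user.pem
  q openssl ca -config pki.cnf -revoke user.pem
  q openssl ca -config pki.cnf -gencrl -out int.crl
  verdict() { if "$@" 2>&1 | grep -q ': OK'; then echo accept; else echo reject; fi; }
  # Chain validation only: the CRL is never consulted (the symptom on this page).
  a=$(verdict openssl verify -CAfile root.pem -untrusted int.pem user.pem)
  # Same chain, with the intermediate CA's CRL checked for the leaf certificate.
  b=$(verdict openssl verify -crl_check -CAfile root.pem -untrusted int.pem \
    -CRLfile int.crl user.pem)
  echo "$a/$b"
)
crl_check_demo   # prints accept/reject
```

The same revoked test certificate and CRL can serve as a fixture when confirming that an upgraded deployment rejects revoked EAP-TLS clients.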


Features & Tasks

Certificate Revocation List (CRL)

Protocol / Ports

EAP-TLS
