Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Cisco Secure ACS unable to retrieve Certificate Revocation List for an Intermediate certificate authority

Labels:
1158
Views
0
Helpful
0
Comments
TCC_2
TCC_2 Engager
‎06-17-2009 10:12 PM
edited on: ‎03-08-2019 ‎06:01 PM

Core issue

This issue is due to presence of Cisco bug ID CSCeg20752.

In this issue, ACS passes authentication for EAP-TLS users, even though their certificate is revoked. Normal authentication of users works fine, but the Certificate Revocation List (CRL) is not downloaded or parsed.

This issue is typically observed in multi-tiered CA environment where the certificates are issued and revoked on intermediate CAs that are subordinate to the root CA. In this setup, it is not possible to add the intermediate CA into the Certificate Trust List. This makes it not trust CRLs created by the intermediate CA.

Resolution

Workaround for this issue is to design CA infrastructure as standalone CA or do nor use CRLs.

In order to resolve this issue, upgrade Cisco Secure ACS to software version 3.3(3.11) or later. In order to download the suggested software version, visit Cisco Downloads.


Features & Tasks

Certificate Revocation List (CRL)

Protocol / Ports

EAP-TLS

0 Helpful
Latest Contents
Cisco AnyConnect Display Name
Created by a.amin@csm-compressor.com on 10-17-2019 08:30 AM
1
0
1
0
Hello There, When I am trying to access cisco anyconnect via Display Name, it gives me a certificate is not trusted error.Trusted certificate is already installed. but when I try to access by fqdn  "vpn.abc.com" it works without certificate erro... view more
URL Reporting on Cisco Firepower
Created by JhonMicky on 10-17-2019 07:51 AM
0
0
0
0
Hello everyone,,I am looking for advice on which tools people are using to analyse syslog data from their Firepower modules to get detailed information on user Internet access. I am able to send the data to our syslog server, and have set up the free vers... view more
ASDM Launcher "problem ocuured while launching device manage...
Created by sam.selvey1 on 10-17-2019 07:26 AM
0
0
0
0
Hi all, hopefully someone can provide some valuable input as I'm totally stuck.I'm having problems accessing ASDM. I have tried a few different versions of ASDM and Java but none seem to work. At the moment I'm stuck on the below when attempting to launch... view more
Firepower VM updates confusion
Created by qwerty321 on 10-17-2019 07:24 AM
1
0
1
0
Hi All, I noticed today that 6.5.0 version of Firepower was released:https://www.cisco.com/c/en/us/support/security/defense-center/products-release-notes-list.html I went to my FMC to check for updates, but it only had an update to 6.4.0.6, whic... view more
SMA SNMP configuration problem.
Created by MohamedSamer47595 on 10-17-2019 06:55 AM
0
0
0
0
I have a Cisco management appliance running version 13.0.0-187 and I am trying to configure snmp, when I type snmpconfig  I get the error The session is closed immediately. Has anyone seen this before?
CreatePlease to create content
Discussion
Blog
Document
Video
Content for Community-Ad
August's Community Spotlight Awards