This issue is due to the presence of Cisco bug ID CSCeg20752.
With this bug, ACS passes authentication for EAP-TLS users even though their certificate has been revoked. Normal user authentication works, but the Certificate Revocation List (CRL) is not downloaded or parsed.
This issue is typically observed in a multi-tiered CA environment, where certificates are issued and revoked by intermediate CAs that are subordinate to the root CA. In this setup it is not possible to add the intermediate CA to the Certificate Trust List, so ACS does not trust CRLs created by the intermediate CA.
The workaround for this issue is to design the CA infrastructure as a standalone CA or not to use CRLs.
In order to resolve this issue, upgrade Cisco Secure ACS to software version 3.3(3.11) or later. To download the suggested software version, visit Cisco Downloads.
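The trust-list problem described above, as an added example that is not Cisco's or ACS's code: a constructed three-tier lab built with the third-party `cryptography` package, showing that a CRL signed by the intermediate CA cannot be validated against a trust list that holds only the root, and that only a fail-closed revocation policy then rejects the revoked client. All CA names, keys and the client certificate are assumptions constructed in `build_lab()`.

```python
# Added example, not Cisco's code: needs the third-party `cryptography` package.
# Every CA name, key and the client certificate below are constructed in build_lab().
import datetime as dt
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec

NOW = dt.datetime.now(dt.timezone.utc)

def name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def issue(cn, key, issuer_cn, issuer_key, ca):
    """Certificate for `key`, signed by issuer_key (self-signed when issuer_key is key)."""
    return (x509.CertificateBuilder()
            .subject_name(name(cn)).issuer_name(name(issuer_cn))
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(NOW).not_valid_after(NOW + dt.timedelta(days=1))
            .add_extension(x509.BasicConstraints(ca=ca, path_length=None), critical=True)
            .sign(issuer_key, hashes.SHA256()))

def crl_for(issuer_cn, issuer_key, serials):
    """CRL signed by the issuing CA (the intermediate, as in the bug scenario)."""
    b = (x509.CertificateRevocationListBuilder().issuer_name(name(issuer_cn))
         .last_update(NOW).next_update(NOW + dt.timedelta(days=1)))
    for s in serials:
        b = b.add_revoked_certificate(x509.RevokedCertificateBuilder()
                                      .serial_number(s).revocation_date(NOW).build())
    return b.sign(issuer_key, hashes.SHA256())

def revocation_status(cert, crl, trust_list):
    """'revoked', 'good', or 'undetermined' when no CA in trust_list vouches for the CRL."""
    trusted = any(ca.subject == crl.issuer and crl.is_signature_valid(ca.public_key())
                  for ca in trust_list)
    if crl.issuer != cert.issuer or not trusted:
        return "undetermined"   # the CRL signer (the intermediate) is not in the trust list
    hit = crl.get_revoked_certificate_by_serial_number(cert.serial_number)
    return "revoked" if hit else "good"

def admit(cert, crl, trust_list, fail_closed=True):
    """Authentication decision: fail-closed rejects 'undetermined'; fail-open accepts it."""
    status = revocation_status(cert, crl, trust_list)
    return status == "good" or (status == "undetermined" and not fail_closed)

def build_lab():
    rk, ik, ck = (ec.generate_private_key(ec.SECP256R1()) for _ in range(3))
    root = issue("Lab-Root", rk, "Lab-Root", rk, True)
    inter = issue("Lab-Intermediate", ik, "Lab-Root", rk, True)
    client = issue("eap-user", ck, "Lab-Intermediate", ik, False)   # revoked below
    return root, inter, client, crl_for("Lab-Intermediate", ik, [client.serial_number])
```

With only the root in the trust list, `revocation_status()` returns `undetermined`, and `admit(..., fail_closed=False)` reproduces the accepted-although-revoked outcome the bug describes; adding the intermediate to the trust list lets the CRL be validated and the client is reported as revoked.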