CRL checking problem.

narcis antonie
Level 1

Hello,

I am facing the same problem as here: https://supportforums.cisco.com/thread/2047836.

The main idea is that I want to implement secure GRE over IPsec with digital certificates. The problem is that I want to do everything off-line (with copy/paste), even the revocation checking (by using a CRL file copy/pasted from the CA on a Microsoft IIS HTTP server, because I don't have the possibility to use an LDAP server).

Everything goes well until I want to check the CRL. At that point the routers are showing "error #705h" after reading the CRL file (I know that the file is read because I can see the content of it if I do debug; the error is shown afterwards).

If I issue the "show crypto pki crls" command, nothing is shown, so the routers are not loading the CRL file.

The hierarchy is as follows: ROOT_CA --> 1st SUB_CA --> 2nd SUB_CA --> routers (the routers are not connected with the CAs, I am loading all certificates by hand with copy/paste).

Is it even possible to do everything off-line, or do I need at least the last SUB_CA to be on-line with the routers?

Thanks in advance,

Narcis Antonie

15 Replies

I'll call you tomorrow