CRL with certificates on ASA 8.2


Hi,

I've successfully set up our ASA with SCEP against our internal Microsoft CA server, and sent requests for both a CA certificate and an ID cert. Both have been deployed successfully, and I can request the CRL list from the ASA with the internal CA certificate selected.

The CRL request is successful, and I can see in the CRL list, that my test computer is among those computer certificates revoked on the server. So far so good.

Problem is: even though the computer certificate has been revoked, the computer still authenticates without problems, and connects with VPN. We are using AnyConnect 2.4 by the way.

I've tried with cert-only authentication in the connection profile (cause maybe it was the radius letting me in), but I still get access.

Is there anything I have missed? Is there a setting somewhere where I have to configure a "deny access" for revoked certs?

Thanks in advance!


/Rasmus

1 Reply


Never mind, I got it working

There was a new certificate auto-generated that I wasn't aware of. Revoked it, and it started working