
CRL with certificates on ASA 8.2


Hi,

I've successfully set up our ASA with SCEP against our internal Microsoft CA server, and sent requests for both a CA certificate and an ID cert. Both have been deployed successfully, and I can request the CRL list from the ASA with the internal CA certificate selected.

The CRL request is successful, and I can see in the CRL list, that my test computer is among those computer certificates revoked on the server. So far so good.

Problem is: even though the computer certificate has been revoked, the computer still authenticates without problems, and connects with VPN. We are using AnyConnect 2.4 by the way.

I've tried with cert-only authentication in the connection profile (cause maybe it was the radius letting me in), but I still get access.

Is there anything I have missed? Is there a setting somewhere where I have to configure a "deny access" for revoked certs?

Thanks in advance!


/Rasmus

1 Reply

Never mind, I got it working

There was a new certificate auto-generated that I wasn't aware of. Revoked it, and it started working.
