05-29-2002 08:14 AM - edited 02-21-2020 11:46 AM
Does anybody use a Microsoft CA server for their IPSEC connection between IPSEC routers?
I've got problems with the CRL check...
05-30-2002 03:17 AM
Perhaps you could find some information in the message I posted about CRL (May 24).
#############################
CRL Distribution Point on IOS
On an IOS router (12.2(8)T1), I want to configure the CRL Distribution Point in a Microsoft Windows 2000 environment (CA and LDAP directory).
By default, the LDAP URL included in the certificate by the CA has the following syntax:
URL=ldap:///CN=Mobile-CA4,CN=htmob15s,...
With this certificate, my IOS router searches for the CRL with a broadcast request:
ldap search: server=255.255.255.255, base=CN=Mobile-CA4,...
The router uses a broadcast request even if I configure the "crl query URL" in the trustpoint definition:
crypto ca trustpoint Mobile-CA4
enrollment mode ra
enrollment url http://10.252.1.115:80/certsrv/mscep/mscep.dll
crl query ldap://10.252.1.115
The only way I have found to download the CRL is to change, on the CA, the default LDAP URL included in the certificate to the following:
URL=ldap://10.252.1.100/CN=Mobile-CA4,CN=htmob15s,...
My questions are:
1) Which CRL Distribution Point is used by the router (the URL defined in "crl query URL", or the URL included in the certificate)?
2) Is there a way to configure the CRL download with the default CA setting?
Any suggestions will also be appreciated.
Thanks.
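The difference between the two LDAP URL forms in the post above, as an added example that is not part of the thread: a Python check that parses CRL Distribution Point URLs and flags the ones with no host part, which leave the choice of server to the client. The CA name, DN and addresses are constructed placeholders, not the poster's values.

```python
from urllib.parse import urlsplit, unquote

# Constructed sample CDP URLs (hypothetical CA name, DN and addresses),
# modelled on the two LDAP forms in the post plus an HTTP CDP.
SAMPLE_CDPS = [
    "ldap:///CN=Example-CA,CN=cahost,CN=CDP,DC=example,DC=test"
    "?certificateRevocationList?base?objectClass=cRLDistributionPoint",
    "ldap://192.0.2.10/CN=Example-CA,CN=cahost,CN=CDP,DC=example,DC=test"
    "?certificateRevocationList?base",
    "http://192.0.2.20/CertEnroll/Example-CA.crl",
]


def classify_cdp(url):
    """Split a CDP URL and report whether it names the server to query."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    info = {"url": url, "scheme": scheme, "host": parts.hostname}
    if scheme in ("ldap", "ldaps"):
        # RFC 4516 layout: ldap://host:port/dn?attributes?scope?filter
        fields = parts.query.split("?") if parts.query else []
        fields += [""] * (3 - len(fields))
        info["base_dn"] = unquote(parts.path.lstrip("/"))
        info["attributes"] = [a for a in fields[0].split(",") if a]
        info["scope"] = fields[1] or "base"  # RFC 4516 default scope
        info["filter"] = fields[2] or "(objectClass=*)"
    # A host-less URL leaves the choice of server to the client.
    info["needs_default_server"] = parts.hostname is None
    return info


def hostless_cdps(urls):
    """Return the CDP URLs a client cannot fetch without its own server setting."""
    return [u for u in urls if classify_cdp(u)["needs_default_server"]]


if __name__ == "__main__":
    for cdp in SAMPLE_CDPS:
        c = classify_cdp(cdp)
        state = "NO HOST" if c["needs_default_server"] else c["host"]
        print(f"{c['scheme']:5} {state:12} {c.get('base_dn', '')}")
```

Run against the CDP URLs taken from issued certificates, the flagged entries are the ones that only directory-aware clients can resolve on their own.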
05-30-2002 11:50 PM
We don't want to deploy an LDAP server and we use an HTTP server for the CRL URL instead.
You can change this in the CA server.
By the way, did you get any answers to your questions?
06-03-2002 05:20 AM
I'm still looking for an answer. I will appreciate it if you have some ideas.