12-30-2004 08:29 AM
We're trying to implement certificates on our VPN 3060s. I can get it working great until I enable CRL checking. According to the log, the concentrator sucessfully retrieves the CRL.
I get the following errors:
1381 12/29/2004 11:17:19.670 SEV=3 CAPI/25 RPT=6 CAPI - Invalid RSA PKCS1 decryption payload length (256) provided
1386 12/29/2004 11:17:19.680 SEV=4 IKE/80 RPT=45 192.168.1.1 Group [Corporate] Certificate validation failure, Invalid CRL signature
I have an open case with Cisco and am awaiting a response from them.
Has anyone else see this issue?
Shawn
01-05-2005 02:24 PM
Did you try revoking a cert to see if it helps?
01-05-2005 03:24 PM
Yes we did. The CRL version number increments and we still have the same error. At this point it's in the hands of the developers at Cisco to figure it out.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide