VPN Certificate CRL issues

shawnmchenry
Level 1

We're trying to implement certificates on our VPN 3060s. I can get it working great until I enable CRL checking. According to the log, the concentrator successfully retrieves the CRL.

I get the following errors:

1381 12/29/2004 11:17:19.670 SEV=3 CAPI/25 RPT=6 CAPI - Invalid RSA PKCS1 decryption payload length (256) provided

1386 12/29/2004 11:17:19.680 SEV=4 IKE/80 RPT=45 192.168.1.1 Group [Corporate] Certificate validation failure, Invalid CRL signature

I have an open case with Cisco and am awaiting a response from them.

Has anyone else seen this issue?

Shawn

2 Replies

pradeepde
Level 5

Did you try revoking a cert to see if it helps?

Yes we did. The CRL version number increments and we still have the same error. At this point it's in the hands of the developers at Cisco to figure it out.