10-28-2014 02:08 AM - edited 07-05-2021 01:49 AM
I need help. I'm trying to configure a virtual WLC for EAP-TLS authentication. I configured that, but I don't know where I can set the CRL (certificate revocation list) or OCSP (Online Certificate Status Protocol). I must use this technology to deny access to laid-off employees.
10-28-2014 10:04 PM
Please refer to this link for configuring Cisco WLC EAP-TLS:
http://mrncciew.com/2013/04/22/configuring-eap-tls-on-wlc/
10-28-2014 11:07 PM
Thanks, but I saw this post. The question about CRL and OCSP is open.
01-06-2015 12:42 AM
As far as I know, they are embedded into the properties of each certificate. Look at its details.
It will be your RADIUS server (NPS, ISE, or the WLC if it is doing the end tunnel termination) that requests the CRL via HTTP or LDAP.
Hope it helps.
01-07-2015 02:06 PM
CRL and OCSP are both part of the certificate itself. Your CA must add the URL for these services when the cert is generated. The WLC does not get configured with the URL for these services. The WLC simply knows the RADIUS server IP(s) and has the root cert installed so it can handle the TLS authentication.
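
Added example, not part of any reply in this thread: a shell sketch that reads the CRL Distribution Points and OCSP (Authority Information Access) URLs out of a certificate, which is where the replies above say these pointers live. It assumes OpenSSL 1.1.1 or later; the function names, the subject and the `pki.example.test` URLs are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example. Requires OpenSSL 1.1.1+ (for -addext and -ext).

# Build a throwaway self-signed certificate that carries both revocation
# pointers. Subject and URLs are constructed sample values.
make_sample_cert() {
  local out="$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=wlc-client.example.test" \
    -addext "crlDistributionPoints=URI:http://pki.example.test/ca.crl" \
    -addext "authorityInfoAccess=OCSP;URI:http://pki.example.test/ocsp" \
    -keyout "$out.key" -out "$out" 2>/dev/null && rm -f "$out.key"
}

# OCSP responder URL(s) from the Authority Information Access extension.
ocsp_urls() {
  openssl x509 -in "$1" -noout -ocsp_uri
}

# CRL URL(s) from the CRL Distribution Points extension.
crl_urls() {
  openssl x509 -in "$1" -noout -ext crlDistributionPoints 2>/dev/null |
    grep -o 'URI:[^[:space:]]*' | sed 's/^URI://'
}

# Print both pointers; return non-zero when the certificate has neither,
# i.e. the RADIUS server has nothing in the cert to check revocation against.
revocation_report() {
  local cert="$1" ocsp crl
  ocsp="$(ocsp_urls "$cert" || true)"
  crl="$(crl_urls "$cert" || true)"
  echo "OCSP: ${ocsp:-<none>}"
  echo "CRL:  ${crl:-<none>}"
  [ -n "$ocsp" ] || [ -n "$crl" ]
}

# Demo on the constructed certificate.
demo_dir="$(mktemp -d)"
make_sample_cert "$demo_dir/client.pem" && revocation_report "$demo_dir/client.pem"
rm -rf "$demo_dir"
```

Running `revocation_report` against a real client certificate issued by your CA shows whether the CA template actually populated these extensions.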