03-02-2009 09:06 AM - edited 07-03-2021 05:15 PM
Hi Guys,
Please can anyone help me. I am wondering how CRLs work with Cisco ACS Appliances.
I am having real problems finding a good document on it. As it is an appliance, I assume there are some funky things that need to happen if your PKI is based all around Windows infrastructure?
Many thx indeed,
Ken
03-06-2009 06:47 AM
ACS 4.0 supports certificate revocation by using the X.509 CRL profile. A CRL is a time-stamped list identifying revoked certificates; the list is signed by a certificate authority or CRL issuer, and made freely available in a public repository. ACS 4.0 periodically retrieves the CRLs from provisioned CRL Distribution Points by using Lightweight Directory Access Protocol (LDAP) or HyperText Transfer Protocol (HTTP), and stores them for use during EAP-Transport Layer Security (EAP-TLS) authentication. If the retrieved CRL contains the certificate that the user presents during an EAP-TLS authentication, ACS fails the authentication and denies access to the user. This capability is crucial due to frequent organizational changes and protects valuable company assets in case of fraudulent network use.
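The check described above (retrieve the CRL from the certificate's distribution point, then look the presented certificate up in it) can be reproduced end to end outside ACS. The following is an added example, not code from the thread or from Cisco: it builds a throwaway CA, two user certificates carrying a CRL Distribution Point, and a CRL revoking one of them, all in memory, then performs the lookup the way an EAP-TLS authenticator would. It uses the third-party `cryptography` package; the CDP URL is a made-up placeholder, and the "published" dictionary stands in for the HTTP or LDAP fetch. The example also covers the caveat the post does not spell out: the CRL is only trusted after its issuer signature verifies and while it is inside its validity window, and the check fails closed otherwise.

```python
"""Added example (not from the thread or from Cisco): CRL-based revocation
check as an EAP-TLS authenticator such as ACS performs it.
Requires the third-party `cryptography` package."""
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import ExtensionOID, NameOID

UTC = datetime.timezone.utc
# Hypothetical CDP URL (assumption, not from the thread). A Windows CA publishes
# its CRL in DER at a URL like this under CertEnroll.
CDP_URL = "http://pki.example.com/CertEnroll/ExampleCA.crl"


def make_pki(now):
    """Build a test CA, two user certs with a CDP extension, and a DER CRL that
    revokes user 'ken'. Returns (ca_cert, {user: cert}, crl_der)."""
    ca_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    ca_name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Example Root CA")])
    validity_start = now - datetime.timedelta(days=1)
    ca_cert = (x509.CertificateBuilder()
               .subject_name(ca_name).issuer_name(ca_name)
               .public_key(ca_key.public_key())
               .serial_number(x509.random_serial_number())
               .not_valid_before(validity_start)
               .not_valid_after(now + datetime.timedelta(days=365))
               .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
               .sign(ca_key, hashes.SHA256()))

    def issue(common_name):
        key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
        cdp = x509.CRLDistributionPoints([x509.DistributionPoint(
            full_name=[x509.UniformResourceIdentifier(CDP_URL)],
            relative_name=None, reasons=None, crl_issuer=None)])
        return (x509.CertificateBuilder()
                .subject_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)]))
                .issuer_name(ca_name).public_key(key.public_key())
                .serial_number(x509.random_serial_number())
                .not_valid_before(validity_start)
                .not_valid_after(now + datetime.timedelta(days=30))
                .add_extension(cdp, critical=False)
                .sign(ca_key, hashes.SHA256()))

    users = {"ken": issue("ken"), "alice": issue("alice")}
    revoked_entry = (x509.RevokedCertificateBuilder()
                     .serial_number(users["ken"].serial_number)
                     .revocation_date(now)
                     .add_extension(x509.CRLReason(x509.ReasonFlags.key_compromise), critical=False)
                     .build())
    crl = (x509.CertificateRevocationListBuilder()
           .issuer_name(ca_name)
           .last_update(now)
           .next_update(now + datetime.timedelta(days=7))
           .add_revoked_certificate(revoked_entry)
           .sign(ca_key, hashes.SHA256()))
    return ca_cert, users, crl.public_bytes(serialization.Encoding.DER)


def cdp_urls(cert):
    """Return the URLs listed in the certificate's CRL Distribution Points extension."""
    try:
        ext = cert.extensions.get_extension_for_oid(ExtensionOID.CRL_DISTRIBUTION_POINTS)
    except x509.ExtensionNotFound:
        return []
    return [name.value for dp in ext.value if dp.full_name
            for name in dp.full_name if isinstance(name, x509.UniformResourceIdentifier)]


def _next_update(crl):
    # Newer cryptography exposes a timezone-aware next_update_utc; fall back otherwise.
    nxt = getattr(crl, "next_update_utc", None)
    return nxt if nxt is not None else crl.next_update.replace(tzinfo=UTC)


def check_revocation(cert, crl_der, ca_cert, now):
    """Trust the retrieved CRL only if the CA's signature verifies, the issuer
    matches, and nextUpdate has not passed; then look the serial up.
    Raises ValueError (fail closed) when the CRL cannot be trusted."""
    crl = x509.load_der_x509_crl(crl_der)
    if not crl.is_signature_valid(ca_cert.public_key()):
        raise ValueError("CRL signature does not verify against the CA certificate")
    if crl.issuer != cert.issuer:
        raise ValueError("CRL issuer does not match the certificate issuer")
    if now > _next_update(crl):
        raise ValueError("CRL is past nextUpdate; refusing to rely on a stale list")
    entry = crl.get_revoked_certificate_by_serial_number(cert.serial_number)
    return "revoked" if entry is not None else "good"


def demo(clock_offset_days=0):
    """Run the check for both users. clock_offset_days moves the authenticator's
    clock forward so the stale-CRL path can be exercised."""
    now = datetime.datetime.now(UTC)
    ca_cert, users, crl_der = make_pki(now)
    published = {CDP_URL: crl_der}  # stand-in for the HTTP/LDAP retrieval (constructed)
    check_time = now + datetime.timedelta(days=clock_offset_days)
    results = {}
    for user, cert in users.items():
        fetched = published[cdp_urls(cert)[0]]
        try:
            results[user] = check_revocation(cert, fetched, ca_cert, check_time)
        except ValueError as err:
            results[user] = "refused: " + str(err)
    return results


if __name__ == "__main__":
    print(demo())             # {'ken': 'revoked', 'alice': 'good'}
    print(demo(clock_offset_days=8))  # both refused: CRL past nextUpdate
```

Against a real Windows CA the `published` lookup becomes an HTTP GET of the CDP URL, and the bytes come back as DER, which is why the example loads the CRL with `load_der_x509_crl`. The thread does not say how ACS behaves when the CRL cannot be fetched or has expired; the fail-closed choice here is the example's own, and it is the one to prefer when the network in question is the one the CRL is protecting.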
03-06-2009 06:57 AM
Excellent. Many thx indeed,
Can the Cisco appliances that are not part of an AD domain, but use remote agents, use an HTTP link?
Excellent stuff :)
Many thx