CSACS 4 and W2k3 Server Certificates...what is the LDAP CRL URL?

Unanswered Question
Sep 16th, 2008

Hi

I've set up EAP-TLS wireless for testing. We've got it doing machine authentication and that part works just fine. I'm trying to set up CSACS 4.x to check the CRL published by the 2k3 CA Server but I can't seem to get the LDAP URL to be accepted by CSACS.

If I look at the CRL properties on the CA server, the "Published CRL Location" is as follows;

URL=ldap:///CN=server1,CN=server1,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=securitytesting,DC=ca?certificateRevocationList?base?objectClass=cRLDistributionPoint

I've tried everything I can think of but can't seem to get CSACS to accept the URL. I've made sure to put in my host name (and tried IP address) between the ldap://10.1.1.254/CN=server1...............

Can anyone provide some help with this? Thanks

Jason

Gustavo Novais Fri, 09/19/2008 - 12:05

Hi, usually the Microsoft CAs (I don't know if it is your case) have multiple URLs for checking the CRL, both LDAP and HTTP.

Via HTTP the ACS has no issues in getting the CRL list.

Have you tried it?

You could also try to remove the %20 in the URL and replace them with spaces. Have seen a TAC doc where a similar problem was reported.

HTH
