CSACS 4 and W2k3 Server Certificates...what is the LDAP CRL URL?

jasonhumes
Level 1

Hi

I've set up EAP-TLS wireless for testing. We've got it doing machine authentication and that part works just fine. I'm trying to set up CSACS 4.x to check the CRL published by the 2k3 CA Server but I can't seem to get the LDAP URL to be accepted by CSACS.

If I look at the CRL properties on the CA server, the "Published CRL Location" is as follows:

URL=ldap:///CN=server1,CN=server1,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=securitytesting,DC=ca?certificateRevocationList?base?objectClass=cRLDistributionPoint

I've tried everything I can think of but can't seem to get CSACS to accept the URL. I've made sure to put in my host name (and tried IP address) between the ldap://10.1.1.254/CN=server1...............

Can anyone provide some help with this? Thanks

Jason

1 Reply

Gustavo Novais
Level 1

Hi, usually the Microsoft CAs (I don't know if it is your case) have multiple URLs for checking the CRL, both LDAP and HTTP.

Via HTTP the ACS has no issues in getting the CRL list.

Have you tried it?

You could also try to remove the %20 in the URL and replace them with spaces. Have seen a TAC doc where a similar problem was reported.

HTH
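
To compare the two URL forms discussed in the reply above, this added example (not part of the original thread, and not Cisco or Microsoft code) splits the published CRL location into its RFC 4516 parts and builds the host-qualified URL both with %20 and with literal spaces. The function names are hypothetical, the host 10.1.1.254 is the one from the question, and nothing here asserts which form CSACS accepts.

```python
from urllib.parse import unquote

# Published CRL location copied from the question (no host after ldap://).
PUBLISHED_CDP = (
    "ldap:///CN=server1,CN=server1,CN=CDP,CN=Public%20Key%20Services,"
    "CN=Services,CN=Configuration,DC=securitytesting,DC=ca"
    "?certificateRevocationList?base?objectClass=cRLDistributionPoint"
)


def parse_ldap_url(url):
    """Split an RFC 4516 LDAP URL into host, DN, attributes, scope, filter."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme.lower() not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    host, _, tail = rest.partition("/")
    # Fields after the DN are separated by literal '?' characters.
    fields = tail.split("?") + [""] * 3
    dn, attrs, scope, flt = fields[:4]
    return {
        "scheme": scheme.lower(),
        "host": host,                      # empty means "no server named"
        "dn": unquote(dn),                 # DN as the directory stores it
        "attributes": [a for a in attrs.split(",") if a],
        "scope": scope or "base",          # RFC 4516 default scope
        "filter": unquote(flt) or "(objectClass=*)",
    }


def candidate_urls(url, host):
    """Return the host-qualified URL in percent-encoded and space forms."""
    scheme, _, rest = url.partition("://")
    _, _, tail = rest.partition("/")       # drop any existing host part
    encoded = "%s://%s/%s" % (scheme, host, tail)
    return {"encoded": encoded, "spaces": encoded.replace("%20", " ")}


if __name__ == "__main__":
    parts = parse_ldap_url(PUBLISHED_CDP)
    for key in ("host", "dn", "attributes", "scope", "filter"):
        print("%-10s %r" % (key, parts[key]))
    for form, value in candidate_urls(PUBLISHED_CDP, "10.1.1.254").items():
        print("%-10s %s" % (form, value))
```

The empty `host` in the parsed output shows why the URL copied from the CA cannot be used as-is by a client that is not joined to the domain: it names no server to query.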