Cisco ACS Appliance - How do CRLs work?

Unanswered Question
Mar 2nd, 2009

Hi Guys,


Please can anyone help me. I am wondering how CRLs work with Cisco ACS Appliances.


I am having real problems finding a good document on it. As it is an appliance, I assume there are some funky things that need to happen if your PKI is based all around Windows infrastructure?


Many thx indeed,

Ken

didyap Fri, 03/06/2009 - 06:47

ACS 4.0 supports certificate revocation by using the X.509 CRL profile. A CRL is a time-stamped list identifying revoked certificates; the list is signed by a certificate authority or CRL issuer, and made freely available in a public repository. ACS 4.0 periodically retrieves the CRLs from provisioned CRL Distribution Points by using Lightweight Directory Access Protocol (LDAP) or HyperText Transfer Protocol (HTTP), and stores them for use during EAP-Transport Layer Security (EAP-TLS) authentication. If the retrieved CRL contains the certificate that the user presents during an EAP-TLS authentication, ACS fails the authentication and denies access to the user. This capability is crucial due to frequent organizational changes and protects valuable company assets in case of fraudulent network use.
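The decision described above, modelled in Go's standard library as an added example (not Cisco's code and not from this thread): a constructed in-memory CA and a CRL it signs stand in for the CRL Distribution Point download, serial 4242 is an assumed revoked user certificate, and the check goes slightly beyond the post by also refusing a CRL whose CA signature fails or whose NextUpdate has passed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// must is used only while building the constructed fixture below.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// BuildFixture returns a constructed CA (not a real PKI) and a CRL it signed at thisUpdate, valid one hour, listing serial 4242.
func BuildFixture(thisUpdate time.Time) (*x509.Certificate, []byte) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed CA"}, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
		NotBefore: thisUpdate.Add(-time.Hour), NotAfter: thisUpdate.Add(24 * time.Hour)}
	ca := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &key.PublicKey, key))))
	crlTmpl := &x509.RevocationList{Number: big.NewInt(7), ThisUpdate: thisUpdate, NextUpdate: thisUpdate.Add(time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: big.NewInt(4242), RevocationTime: thisUpdate}}}
	return ca, must(x509.CreateRevocationList(rand.Reader, crlTmpl, ca, key))
}

// CheckRevocation models the ACS decision for the serial of a presented EAP-TLS client certificate: the CRL must
// verify against the issuing CA and must not be past NextUpdate (an error, never a pass); a listed serial means deny.
func CheckRevocation(crlDER []byte, ca *x509.Certificate, serial *big.Int, now time.Time) (bool, error) {
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return false, err
	}
	if err := crl.CheckSignatureFrom(ca); err != nil {
		return false, fmt.Errorf("CRL signature invalid: %w", err)
	}
	if now.After(crl.NextUpdate) {
		return false, fmt.Errorf("CRL stale since %s", crl.NextUpdate.Format(time.RFC3339))
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(serial) == 0 {
			return true, nil
		}
	}
	return false, nil
}
```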

kfarrington Fri, 03/06/2009 - 06:57

Excellent. Many thx indeed,


Can the Cisco appliances that are not part of an AD domain, but use remote agents, use an HTTP link?


Excellent stuff :)


Many thx
