VPN with CA

Unanswered Question
Apr 24th, 2009


I'm implementing a VPN solution with a CA certificate using smart cards.

I would like to know: if someone has lost his card, how can I block it?


Ivan Martinon Fri, 04/24/2009 - 09:01

You would typically implement CRL checking and make sure that when that happens you revoke the certificate on the lost card.

i.ennassiri Mon, 04/27/2009 - 04:52


I implemented CRL checking but it doesn't work. Below is the configuration that I made.


crypto ca trustpoint server
 revocation-check crl none
 enrollment terminal
 fqdn test.test.com
 subject-name CN=test.test.com,OU=TSWEB, O=Cisco Systems,C=us,St=new ,L=new
 keypair my.ca.key
 crl configure
  policy both
  url 1
  cache-time 1
  no enforcenextupdate
  no protocol ldap
  no protocol scep


Do you have an example of how to do that with a Microsoft CA server?

Thanks for your help

Ivan Martinon Mon, 04/27/2009 - 07:14

Check your CRL URL and see if the server is indeed listening on this port and path. As well, your CRL setup is set to none; you need to at least define CRL optional before you need to check that the URL is valid.
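
The effect of the method order in `revocation-check crl none` and of `no enforcenextupdate` from the posted configuration, shown as a simplified Python model. This is an added example, not code from the thread or from Cisco; it assumes a later method is consulted only when the earlier one cannot give an answer, and the function names, serial number and CRL contents are constructed.

```python
from datetime import datetime, timedelta

# Simplified model (assumption) of an ordered revocation-check method list:
# a later method is consulted only when the earlier one cannot give an answer.

class CRL:
    def __init__(self, revoked_serials, next_update):
        self.revoked = set(revoked_serials)
        self.next_update = next_update

def crl_status(serial, crl, now, enforce_next_update):
    """Return 'revoked', 'good' or 'unavailable' for one certificate."""
    if crl is None:                      # download failed: bad URL, port or path
        return "unavailable"
    if enforce_next_update and now > crl.next_update:
        return "unavailable"             # a lapsed CRL is not trusted
    return "revoked" if serial in crl.revoked else "good"

def accept_certificate(serial, methods, crl, now, enforce_next_update=False):
    """Walk the method list in order, as in 'revocation-check crl none'."""
    for method in methods:
        if method == "none":
            return True                  # no check at all: accept
        if method == "crl":
            status = crl_status(serial, crl, now, enforce_next_update)
            if status != "unavailable":
                return status == "good"
    return False                         # every method failed: reject

# Constructed sample data
NOW = datetime(2009, 4, 27, 12, 0)
LOST_CARD = 0x1A2B                       # serial of the revoked smart card cert
FRESH = CRL({LOST_CARD}, NOW + timedelta(hours=1))
STALE = CRL(set(), NOW - timedelta(days=1))   # published before the revocation

def scenarios():
    return {
        "crl none, CRL fetched": accept_certificate(LOST_CARD, ["crl", "none"], FRESH, NOW),
        "crl none, fetch failed": accept_certificate(LOST_CARD, ["crl", "none"], None, NOW),
        "crl only, fetch failed": accept_certificate(LOST_CARD, ["crl"], None, NOW),
        "crl only, stale CRL, no enforcenextupdate": accept_certificate(LOST_CARD, ["crl"], STALE, NOW),
        "crl only, stale CRL, enforcenextupdate": accept_certificate(LOST_CARD, ["crl"], STALE, NOW, True),
    }

if __name__ == "__main__":
    for name, accepted in scenarios().items():
        print(f"{name}: lost card {'ACCEPTED' if accepted else 'rejected'}")
```

In this model the lost card is refused only when a current CRL is actually retrieved or when failure to retrieve one is treated as a rejection.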

