VPN with CA

i.ennassiri · ‎04-24-2009

Hello,

I'm implementing a VPN solution with CA certificate using Smart Cards.

I would know If someone has lost his card, How can I bloc it?

thanks

Ivan Martinon · ‎04-24-2009

You would tipically implement CRL checking and make sure that when that happens you revoke the certificate on the lost card.

i.ennassiri · ‎04-27-2009

Hello,

I implemented CRL cheking but It doesn't work, bellow the configuration that I made.

_______________________________________________________________

crypto ca trustpoint server

revocation-check crl none

enrollment terminal

fqdn test.test.com

subject-name CN=test.test.com,OU=TSWEB, O=Cisco Systems,C=us,St=new ,L=new

keypair my.ca.key

crl configure

policy both

url 1 http://192.168.10.191/certsrv/certcrl.crl

cache-time 1

no enforcenextupdate

no protocol ldap

no protocol scep

_______________________________________________________________

Have you an example of How to do that with a Microsoft CA Server.

Thanks for your help

i.ennassiri · ‎04-27-2009

I've received the Error in the Attached file

Ivan Martinon · ‎04-27-2009

Check your CRL url and see if the server is indeed listening on this port and path, as well your CRL setup is set to none, you need to at least define CRL optional before you need to check that the URL is valid.