I have an ASA5550 with 8.0(3).
Our clients authenticate with a certificate enrolled from SubCA.
The SubCA-certificate enrolled to the ASA contains a CRL Distribution Point that is not reachable from the ASA, so I had to manually configure another one (via "crl configure...url...").
This CRL contains the path to the Delta CRL and it should be reachable from the ASA (same path as manually configured) but the ASA doesn't retrieve the Delta CRL.
Revoked certificates still can get in...