Microsoft CA and Active Directory CRL

Unanswered Question
May 11th, 2009

We have been working on getting our routers to bring up a DMVPN using a Microsoft CA and Active Directory CRL. If we configure the routers to by-pass the CRL revocation check it will come up (revocation-check crl none). If we require the CRL which is stored in Active Directory it fails every time (revocation-check crl).

Has anyone been able to use a Active Directory CRL LDAP URL?

Thanks for the help in advanced!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Maxim Zimovets Mon, 05/11/2009 - 23:41

You should better announce crl to http and then IOS can successfully take it via scep instead of ldap.

Maxim

Actions

This Discussion