ACS 4.1 (1.3) for Windows CRL problem

Nov 12th, 2009

I've configured a new CA in the Certification trusted list. When I go to the CRL configuration menu, check "CRL in use" and press "Submit" to activate it, I always receive the same message: Failed to retrieve or verify CRL. Verify the CRL Distribution URL.


The message from the ADM.log is the following:

CRL: CRL: failed to find an issuer's certificate for crl C:\Archivos de programa\CiscoSecure ACS v4.1\CRL\acs1([email protected]).crl


The CRL Distribution URL is: http://10.252.252.4/crl.crl

Nevertheless, if I open a remote terminal session to the 2K3 Windows server where the Cisco ACS software is installed and open an IE session to the same URL where the CRL file is located, I can download it perfectly.

This procedure needs to be OK in order to perform an EAP-TLS session with a wireless client against an external LDAP database.


Where is my mistake?

Regards

ansalaza Thu, 11/12/2009 - 11:45
User Badges:
  • Cisco Employee

"Might" be hitting:

CSCsg61729 - ACS fails to find an issuer's certificate for CRL list uploaded from CDP


ACS will sometimes take the CRL pointer from the root certificate, even if the CRL URL is configured to point to a different system.


Do you already have the CA installed in ACS?



e.bayon Fri, 11/13/2009 - 01:33

Yes, I have installed the certificate in the ACS application (CTL) and in the W2k3 server's IE content tools menu.

The CA is not a Microsoft Certs Server; it is an autonomous server on which software to generate certificates is installed.

I want to use this certificate only for EAP-TLS connection purposes, because the ACS web page is certified with the Cisco ACS self-signed certificate. Could that be the problem?
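
The ADM.log error in this thread says the downloaded CRL could not be matched to a trusted CA certificate. As an added example (not part of the thread and not Cisco's code), the Python below runs a standard issuer check with the `cryptography` library on a constructed CA and CRL: a CRL is accepted only when a trusted certificate's subject equals the CRL issuer and its public key verifies the CRL signature. The CA names and the helpers `make_ca`, `make_crl` and `find_issuer` are hypothetical.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

T0 = datetime.datetime(2024, 1, 1)  # fixed date for the constructed samples

def make_ca(common_name):
    """Build a constructed self-signed CA (sample data, not the poster's CA)."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])
    cert = (x509.CertificateBuilder()
            .subject_name(name).issuer_name(name)
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(T0)
            .not_valid_after(T0 + datetime.timedelta(days=365))
            .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
            .sign(key, hashes.SHA256()))
    return key, cert

def make_crl(ca_key, ca_cert):
    """Build an empty constructed CRL signed by the given CA."""
    return (x509.CertificateRevocationListBuilder()
            .issuer_name(ca_cert.subject)
            .last_update(T0)
            .next_update(T0 + datetime.timedelta(days=7))
            .sign(ca_key, hashes.SHA256()))

def find_issuer(crl, trusted_certs):
    """Return (issuer_cert, []) or (None, reasons) for a CRL and a trust list."""
    reasons = []
    for cert in trusted_certs:
        who = cert.subject.rfc4514_string()
        if cert.subject != crl.issuer:
            reasons.append(f"{who}: subject does not match CRL issuer")
        elif not crl.is_signature_valid(cert.public_key()):
            reasons.append(f"{who}: name matches but signature does not verify")
        else:
            return cert, []
    return None, reasons

if __name__ == "__main__":
    # For a downloaded file, use x509.load_der_x509_crl(open(path, "rb").read()).
    key, ca = make_ca("Constructed Lab CA")
    _, other = make_ca("Constructed Other CA")
    print(find_issuer(make_crl(key, ca), [other, ca]))
    print(find_issuer(make_crl(key, ca), [other]))
```

The reasons list separates a CRL whose issuer name is absent from the trust list from one whose name is present but signed by a different key, which are the two ways an issuer lookup can come up empty.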
