CRL with certificates on ASA 8.2

Jun 28th, 2010


I've successfully set up our ASA with SCEP against our internal Microsoft CA server, and sent requests for both a CA certificate and an ID cert. Both have been deployed successfully, and I can request the CRL list from the ASA with the internal CA certificate selected.

The CRL request is successful, and I can see in the CRL list, that my test computer is among those computer certificates revoked on the server. So far so good.

Problem is: even though the computer certificate has been revoked, the computer still authenticates without problems, and connects with VPN. We are using AnyConnect 2.4 by the way.

I've tried with cert-only authentication in the connection profile ('cause maybe it was the RADIUS letting me in), but I still get access.

Is there anything I have missed? Is there a setting somewhere where I have to configure a "deny access" for revoked certs?

Thanks in advance!


Tue, 06/29/2010 - 01:37

Never mind, I got it working

There was a new certificate auto-generated that I wasn't aware of. Revoked it, and it started working.

