CRL with certificates on ASA 8.2

Unanswered Question
Jun 28th, 2010

Hi,

I've successfully set up our ASA with SCEP against our internal Microsoft CA server, and sent requests for both a CA certificate and an ID cert. Both have been deployed successfully, and I can request the CRL list from the ASA with the internal CA certificate selected.

The CRL request is successful, and I can see in the CRL list, that my test computer is among those computer certificates revoked on the server. So far so good.

Problem is: even though the computer certificate has been revoked, the computer still authenticates without problems, and connects with VPN. We are using AnyConnect 2.4 by the way.

I've tried with cert-only authentication in the connection profile (cause maybe it was the radius letting me in), but I still get access.

Is there anything I have missed? Is there a setting somewhere where I have to configure a "deny access" for revoked certs?

Thanks in advance!


/Rasmus

rate Tue, 06/29/2010 - 01:37

Never mind, I got it working

There was a new certificate auto-generated that I wasn't aware of. Revoked it, and it started working.
