Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2506
Views
0
Helpful
1
Replies

CRL with certificates on ASA 8.2

rate
Level 1
Level 1

‎06-28-2010 08:09 AM

Hi,

I've succesfully set up our ASA with SCEP against our internal Microsoft CA server, and sent requests for both a CA certificate and an ID cert. Both have been deployed successfully, and I can request the CRL list from the ASA with the internal CA certificate selected.

The CRL request is successful, and I can see in the CRL list, that my test computer is among those computer certificates revoked on the server. So far so good.

Problem is: even though the computer certificate has been revoked, the computer still authenticates without problems, and connects with VPN. We are using AnyConnect 2.4 by the way.

I've tried with cert-only authentication in the connection profile (cause maybe it was the radius letting me in), but I still get access.

Is there anything I have missed? Is there a setting somewhere where I have to configure a "deny access" for revoked certs?

Thanks in advance!


/Rasmus

Labels:
0 Helpful
1 Reply 1

rate
Level 1
Level 1

‎06-29-2010 01:37 AM

Never mind, I got it working

There was a new certificate auto-generated that I wasn't aware of. Revoked it, and it sta

rted working

0 Helpful
Customers Also Viewed These Support Documents