hi every one,
i have anyconnect with certificate based authentication. i can see if i remove root and subCA from client certificate store in windows7. i can see that with only client certificate user gets access.
however i have configured it for CRL check as well and CRL only checks the user certificate not the whole chain.
i have ROOT CA and SUBCA installed on cisco asa.
is this safe that it should only check client certificate for revocation not the whole cert chain?
can it be configured to check the whole certificate chain from client side instead of only client cert. ?