I am currently experiencing

Wil Cha · ‎02-16-2014

Hi All,

I'm receiving daily system errors from ACS but unsure how to fix the issue. The following is the error I receive

Severity :	Error
Time Range :	February 17, 2014 09:08:00.000 AM - February 17, 2014 09:10:00.000 AM

Generated on February 17, 2014 9:14:56 AM EST

Logged At	Severity	Message	Category	Code	Details	ACS Instance
February 17,2014 9:09:06.936 AM	ERROR	Could not add Certificate Revocation List	CSCOacs_Internal_Operations_Diagnostics	33401	LastErrorMessage=CRL PKI verification failed Certificate Revocation list Url=http://XXXca01.<omitted>.au/CertEnroll/cs-XXXCA01-CA.crl	XXXACS02
February 17,2014 9:08:31.916 AM	ERROR	Could not download Certificate Revocation List	CSCOacs_Internal_Operations_Diagnostics	33402	LastErrorMessage=Failed performing HTTP GET with error: Timeout was reached Certificate Revocation list Url=http://YYYca01.<omitted>.au/CertEnroll/cs-YYYCA01-CA.crl	YYYACS02

Looks like it is unable to perform certificate recovation on particular CA servers onsite but there doesn't seem to be much configuration options in ACS? Would this be an issue with the onsite CA server?

Thanks in advance.

Regards

Wil

Wil Cha · ‎02-16-2014

No Cisco ACS experts available?

Saurav Lodh · ‎02-17-2014

what ACS version it is ? Please use OCSP services , an alternative to CRL

http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-4/user/guide/acsuserguide/net_resources.html#wp1133154

cmonks119 · ‎03-20-2015

Same issue here, ACS 5.2 (OCSP not available). Are there bugs/issues/workarounds for CRL PKI failing with ACS 5.2 and Microsoft CAs?

benediktdiehl · ‎04-08-2015

I am currently experiencing the exact same issue!
Could currently need some advice from an acs expert too.

jayage · ‎01-18-2018

We got the same on 5.6
Any advice?

ACS - System Errors - Could not add Certificate Revocation List