CSACS 4 and W2k3 Server Certificates...what is the LDAP CRL URL?

Hi

I've set up EAP-TLS wireless for testing. We've got it doing machine authentication and that part works just fine. I'm trying to set up CSACS 4.x to check the CRL published by the 2k3 CA Server but I can't seem to get the LDAP URL to be accepted by CSACS.

If I look at the CRL properties on the CA server, the "Published CRL Location" is as follows:

URL=ldap:///CN=server1,CN=server1,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=securitytesting,DC=ca?certificateRevocationList?base?objectClass=cRLDistributionPoint

I've tried everything I can think of but can't seem to get CSACS to accept the URL. I've made sure to put in my host name (and tried IP address) between the ldap://10.1.1.254/CN=server1...............

Can anyone provide some help with this? Thanks

Jason


Re: CSACS 4 and W2k3 Server Certificates...what is the LDAP CRL

Hi, usually the Microsoft CAs (I don't know if it is your case) have multiple URLs for checking the CRL, both LDAP and HTTP.

Via HTTP the ACS has no issues in getting the CRL list.

Have you tried it?

You could also try to remove the %20 in the URL and replace them with spaces. Have seen a TAC doc where a similar problem was reported.

HTH
