I want to configure Certificate Revocation List (CRL) on Cisco ISE version 2.0 but I can not find the configuration section for CRL, however OCSP configuration section is there.
I've done some researches and I found that configuring CRL was supported (at least on version 1.2), but on version 2.0 there is not any documentation about this (at least I couldn't find any). On this version "OCSP Client Profile" is the only section that can be found (under Administration > System > Certificates.
So the question is whether CRL is supported or OCSP is the only way on this version? If yes, how?
Yes, I want to use CRL(s) from external CA(s). That section where you are pointing to is for checking the downloaded CRL(s) ("Cisco ISE checks the Certificate Revocation Lists (CRL) periodically. Using this page, you can configure Cisco ISE to check ongoing sessions against CRLs that are downloaded automatically").
But my problem is that I don't know where I can configure the CRL(s) providers. In other words, where can I tell ISE "check this url which is the CRL provider/server's url and download the latest CRL" ?
I have an option which is "OCSP Client Profile" and I can set up OCSP provider(s) in there. But what about CRL?
I've attached a screenshot of options I have under Administration > System > Certificates
You are a life saver :) That's exactly what I was looking for.
So I have one CA server and 2 intermediate servers which are part of my certificate chain (Root < intermediate server 1/2 < Certificate). Those two intermediate servers are issuing server which are running in load balancing mode.
My final question is, "doing this step for both of those issuing servers is enough or I should do that for Root CA as well?"
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :