2. The default is crl, which means that it's required. I do believe it uses SCEP to obtain your CRLs.
3. The ldap command is used to tell the router where to query for the CRL if the location is not in the certificate. In order to do CRL checking with Microsoft, AD is required to be installed, whether locally or on another box. If it's local, then the CRL location will be in the certificate. If it's not, you will need to specify in the router where the CRL is contained using the ldap command.
4. Not gonna happen. If the router thinks it has the most current CRL, then there's no reason to go check until that CRL has expired. Even if you force the router to go check for a new CRL, until the Microsoft server publishes a new CRL, it will always get the same CRL, because Microsoft is in charge of that distribution. You can change the default on the server from 7 days to a shorter interval, say 1 hour. You can also force the server to publish a new CRL without changing the interval. At that point you can then request the new CRL on the router with your ca crl request ca_name. In other words, it's not a Cisco configuration issue that you can change.
I am currently unable to specify the "crypto keyring" command when configuring a VPN connection on my Cisco 2901 router.
The following licenses have been activated on my router: