Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Cisco VPN 3000 install certificates


I have done the following based on the documentation for the Cosco VPN 3000:


Tasks Summary

Whether you use SCEP or the manual method, you perform the following tasks

to obtain and install certificates:

1.. Obtain and install one or more CA certificate(s).

2.. Create an enrollment request for one or more identity certificates.

3.. Request an identity certificate from the same CA that issued the CA


4.. Install the identity certificate on the VPN Concentrator.

5.. Enable CRL checking and caching.

6.. Enable certificates.


For step 5 CRL checking I did the following below:

For the CRL Retrieval Policy

I selected the below option:

Use CRL distribution points embedded in certificate being checked

but after I click on the link: Certificate Authorities [ View All CRL Caches

it does not show any CRL in Cache:

When I bring up the web site it still has the certificate from the SSL

Certificates from the Public interface instead of what I have within my

Identify Certificates. I presume that it is because I have no CRLs in Cache

but how do I get the CRLs in cache?



John J. Mitchell

New Member

Re: Cisco VPN 3000 install certificates

Under X.509, CAs revoke certificates by periodically issuing a signed CRL, where each revoked certificate is identified by its serial number.

CreatePlease to create content