Cisco Support Community

CRL Distribution Point on IOS

On an IOS router - 12.2(8)T1, I want to configure the CRL Distribution Point in a Microsoft Windows 2000 environment (CA and LDAP directory).

By default, the LDAP URL included in the certificate by the CA has the following syntax:

URL=ldap:///CN=Mobile-CA4,CN=htmob15s,...

With this certificate, my IOS router searches for the CRL with a broadcast request:

ldap search: server=255.255.255.255, base=CN=Mobile-CA4,...

The router uses a broadcast request even if I configure the "crl query URL" in the trustpoint definition:

crypto ca trustpoint Mobile-CA4
 enrollment mode ra
 enrollment url http://10.252.1.115:80/certsrv/mscep/mscep.dll
 crl query ldap://10.252.1.115

The only way I have found to download the CRL is to change, on the CA, the default LDAP URL included in the certificate to the following:

URL=ldap://10.252.1.100/CN=Mobile-CA4,CN=htmob15s,...

My questions are:

1) Which CRL Distribution Point is used by the router (the URL defined in "crl query URL", or the URL included in the certificate)?

2) Is there a way to configure the CRL download with the default CA setting?

Any suggestions will also be appreciated.

Thanks.
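The post contrasts a CDP URL with no host (ldap:///...) against one that names the LDAP server. The following is an added example, not part of the original post or of any Cisco or Microsoft code: a Python check that parses LDAP CDP URLs, flags the hostless ones, and builds the host-qualified form. The DN, host address and URLs in it are constructed placeholders.

```python
from urllib.parse import urlsplit, unquote

# Constructed sample CDP URLs (not taken from the post).
HOSTLESS = ("ldap:///CN=Example-CA,CN=ca-host,CN=CDP,DC=example,DC=test"
            "?certificateRevocationList?base?objectClass=cRLDistributionPoint")
QUALIFIED = "ldap://192.0.2.10/CN=Example-CA,CN=ca-host,CN=CDP,DC=example,DC=test"
SAMPLE = [HOSTLESS, QUALIFIED]


def parse_ldap_cdp(url):
    """Split an LDAP URL (RFC 4516 layout) into host, DN and query parts."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "ldap":
        raise ValueError("not an ldap URL: %r" % url)
    # The query is attributes?scope?filter, separated by literal '?'.
    fields = (parts.query.split("?") + ["", "", ""])[:3]
    return {
        "host": parts.hostname,  # None when the URL is ldap:///...
        "port": parts.port or 389,
        "dn": unquote(parts.path.lstrip("/")),
        "attributes": [a for a in fields[0].split(",") if a],
        "scope": fields[1] or "base",
        "filter": unquote(fields[2]) or "(objectClass=*)",
    }


def hostless_cdps(urls):
    """Return the CDP URLs that name no LDAP server."""
    return [u for u in urls if parse_ldap_cdp(u)["host"] is None]


def with_host(url, host):
    """Return the same CDP URL with an explicit LDAP server in it."""
    parse_ldap_cdp(url)  # validates the scheme
    return urlsplit(url)._replace(netloc=host).geturl()


if __name__ == "__main__":
    for url in hostless_cdps(SAMPLE):
        print("no host in CDP:", parse_ldap_cdp(url)["dn"])
        print("host-qualified:", with_host(url, "192.0.2.10"))
```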

1 REPLY

Re: CRL Distribution Point on IOS

Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center (http://www.cisco.com/tac) or speak with a TAC engineer. You can open a TAC case online at http://www.cisco.com/tac/caseopen

If anyone else in the forum has some advice, please reply to this thread.

Thank you for posting.
