Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

CRL times out and sessions drop

Hi,

I am new to the IOS CA feature. I set the CRL timeout deliberatley low on the IOS CA to 24 hours. The router certificates are valid for 2 days. The CRL times out and all the remote routers drop their sessions complaining that the CRL is invalid. I can understand that the CRL is indeed invalid - it's timed out. However, I thought that the CA should automatically regenerate a new CRL? It appears NOT to be doing this? Any ideas? This is the config on my IOS CA.

crypto pki server CA

database level complete

database url nvram

issuer-name CN=CA,O=Steve's Systems

lifetime crl 24

lifetime certificate 2

lifetime ca-certificate 1825

Thanks, Steve

2 REPLIES
Silver

Re: CRL times out and sessions drop

Try resetting CRL to defaults

New Member

Re: CRL times out and sessions drop

Hi Steve,

I have exactly the same problem, I think. I have an IOS CRL which does not get regenerated, did you ever find a solution for this problem?

Regards

Mike Street

123
Views
0
Helpful
2
Replies
CreatePlease to create content