Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Microsoft CA server and Cisco IPSEC IOS ?

Does anybody use a Microsoft CA server for their IPSEC connection between IPSEC routers.

I've got problems with the CRL check .....

New Member

Re: Microsoft CA server and Cisco IPSEC IOS ?

Perhaps could you find some informations on the message I post about CRL(May 24) .


CRL Distribution Point on IOS

On IOS router - 12.2(8)T1, I want to configure the CRL Distribution Point in a Microsoft Windows 2000 environment (CA and ldap directory).

By default, the ldap URL include on certificate by the CA has the following syntax:


With this certificate my IOS router search the CRL with a broadcast request:

ldap search: server=, base=CN=Mobile-CA4,...

The router use a broadcast request even if I configure the "crl query URL" in the trustpoint definition:

crypto ca trustpoint Mobile-CA4

enrollment mode ra

enrollment url

crl query ldap://

The only way I find to download the CRL is to change on the CA the default ldap URL include in certificate by the following:


My questions are:

1) Witch CRL Distribution Point are use by the router (URL define on "crl query URL", or the URL include on certificate)?

2) Is it a way for configures the CRL download with de default CA setting?

Any suggestions will also be appreciated.


New Member

Re: Microsoft CA server and Cisco IPSEC IOS ?

We don't want to deploy an LDAP server and we use instead an http server for the CRL URL.

You can change this in the CA server.

By the way did you get any answers for your questions ?

New Member

Re: Microsoft CA server and Cisco IPSEC IOS ?

I'm still looking for an answer. I will appreciate if you have some idea.

CreatePlease login to create content