Cisco Support Community
New Member

Cisco ACS Appliance - How do CRLs work?

Hi Guys,

Please can anyone help me. I am wondering how CRLs work with Cisco ACS Appliances.

I am having real problems finding a good document on it. As it is an appliance, I assume there are some funky things that need to happen, if your PKI is based all around Windows infrastructure?

Many thx indeed,



Re: Cisco ACS Appliance - How do CRLs work?

ACS 4.0 supports certificate revocation by using the X.509 CRL profile. A CRL is a time-stamped list identifying revoked certificates; the list is signed by a certificate authority or CRL issuer, and made freely available in a public repository. ACS 4.0 periodically retrieves the CRLs from provisioned CRL Distribution Points by using Lightweight Directory Access Protocol (LDAP) or HyperText Transfer Protocol (HTTP), and stores them for use during EAP-Transport Layer Security (EAP-TLS) authentication. If the retrieved CRL contains the certificate that the user presents during an EAP-TLS authentication, ACS fails the authentication and denies access to the user. This capability is crucial due to frequent organizational changes and protects valuable company assets in case of fraudulent network use.
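
The revocation check described in the reply above, as an added example that is not part of the original thread and is not Cisco's code: it parses a DER-encoded X.509 CRL, extracts `nextUpdate` and the revoked serial numbers, and applies the allow/deny decision to a presented certificate serial. The function names, the embedded sample CRL and the fail-closed handling of an expired cached list are assumptions of this example, and the CRL signature check against the issuing CA is left out.

```python
# Added example, not ACS code. Standard library only; the CRL signature is NOT verified here.
from datetime import datetime, timezone

def read(buf, pos):
    """Decode one DER element at pos; return (tag, body, next_pos)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        n, pos = int.from_bytes(buf[pos:pos + (n & 0x7F)], "big"), pos + (n & 0x7F)
    if pos + n > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + n], pos + n

def children(body):
    """Split a constructed element's body into (tag, body) pairs."""
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = read(body, pos)
        out.append((tag, val))
    return out

def when(tag, val):
    """UTCTime (0x17) or GeneralizedTime (0x18) to an aware datetime."""
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"
    return datetime.strptime(val.decode(), fmt).replace(tzinfo=timezone.utc)

def parse_crl(der):
    """Return (next_update, revoked_serials) from a DER CertificateList."""
    tbs = children(children(read(der, 0)[1])[0][1])
    rest = tbs[4:] if tbs[0][0] == 0x02 else tbs[3:]  # skip version, alg, issuer, thisUpdate
    next_update = None
    if rest and rest[0][0] in (0x17, 0x18):
        next_update, rest = when(*rest[0]), rest[1:]
    entries = children(rest[0][1]) if rest and rest[0][0] == 0x30 else []
    serials = {int.from_bytes(children(e)[0][1], "big", signed=True) for _, e in entries}
    return next_update, serials

def decide(serial, next_update, revoked, now):
    """Allow or deny a presented certificate serial against the cached CRL."""
    if serial in revoked:
        return "deny: revoked"
    if next_update is not None and now > next_update:
        return "deny: stale CRL"  # assumption: fail closed once the cached list expires
    return "allow"

SAMPLE_CRL = bytes.fromhex(  # constructed: CN=Example CA, serials 0x1A2B and 0x05 revoked
    "30818a3072020101300d06092a864886f70d01010b050030153113301106035504030c0a4578616d706c65204341"
    "170d3235303130313030303030305a170d3235303130383030303030305a3029"
    "301302021a2b170d3235303130323030303030305a3012020105170d3235303130333030303030305a"
    "300d06092a864886f70d01010b0500030500deadbeef")
```
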

New Member

Re: Cisco ACS Appliance - How do CRLs work?

Excellent. Many thx indeed,

Can the Cisco appliances that are not part of an AD domain, but use remote agents, use an HTTP link?

Excellent stuff :)

Many thx
