Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

The ACS fails to retrieve Certificate Revocation List (CRL) and the "Failed to retrieve CRL" error message appears

Core issue

There can be many reasons if ACS fails to retrieve CRL, however one of the common reasons is if CRL Distribution URL is in this form:

http://Example.CRL/CertEnroll/example%20Global%20CA.crl

Notice that this URL has %20 for extra space.

Resolution

In order to resolve this issue, edit the certificate revocation list issuer:

  1. In the navigation bar, choose System Configuration.

  2. Choose ACS Certificate Setup.

  3. Choose Certificate Revocation Lists.

    The CRL Issuers page appears.

  4. Choose the name of the CRL issuer that you want to edit.

    The system displays the CRL Issuer Edit page for the CRL that you chose.

  5. Edit the information, make sure that CRL Distribution URL,doesnot have %20 for space, or other similar characters.

    For example:

    If CRL Distribution URL is in this form:

    http://Example.CRL/CertEnroll/example%20Global%20CA.crl

    then change it to

    http://Example.CRL/CertEnroll/example Global CA.crl “.

    Replace the %20 with space.


  6. Choose Submit.

    The corresponding CRL is changed in ACS to that of the edited issuer or is scheduled to be changed at the time that you specify in the Retrieve CRL field.
Version history
Revision #:
1 of 1
Last update:
‎06-22-2009 03:39 PM
Updated by:
 
Labels (1)