Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

WebVPN/SSL VPN does not work with Public Key Infrastructure (PKI) and Online Certificate Status Protocol (OCSP) on the Cisco Adaptive Security Appliance (ASA)/PIX 7.2(1) and above

Core issue

This is a new feature. The ASA/PIX is not able to validate WebVPN/SSL VPN Client certificates using OCSP as the certificate revocation list (CRL) method in ASA 7.2(1) and above.


OCSP, which provides an alternative to CRL for obtaining the revocation status of X.509 digital certificates, is only supported for IPsec clients in ASA 7.2(1) and above..

Refer to OCSP for more details.

Version history
Revision #:
1 of 1
Last update:
‎06-22-2009 05:32 PM
Updated by:
Labels (1)