CRL query stuck on LDAP only


imbadatthis

Technical User
Aug 16, 2009
404
CA
Howdy,
Cisco 3900 router, certificate issue:

The CRL distribution points provide me with an LDAP and an HTTP query.
My understanding is that it should cycle through them when one fails.

I need to figure out how to force it to download the CRL off the HTTP CRL?

Config I'm using:
Code:
crypto pki trustpoint NAME
 enrollment retry count 5
 enrollment retry period 3
 enrollment mode ra
 enrollment url http://172.YY.ZZ.ZZX/certsrv/mscep/mscep.dll
 serial-number
 ip-address 172.XX.XXX.YYY
 query certificate
 vrf SOMETHING
 revocation-check crl

When I issue a crypto pki crl request TRUSTPOINT_NAME

I get the error message that the LDAP server could not be reached,
but it doesn't move on from there...

The certificate is VALID and shows status as granted with the CA trusted.
When I check the certificate itself I do see both HTTP and LDAP CDPs in there (CRL distribution points).

Any help would be appreciated as this is driving me nuts :(

Code:
error:
MDT: %PKI-4-CRL_LDAP_QUERY: An attempt to retrieve the CRL from ldap://...........


We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.
 
hellloo... is this thing on ? :p


 
resolved......

