imbadatthis
Technical User
Howdy,
Cisco 3900 router, certificate issue:
The CRL distribution points provide me with an LDAP and an HTTP query.
My understanding is that it should cycle through them when one fails.
I need to figure out how to force it to download the CRL off the HTTP CRL.
Config I'm using:
Code:
crypto pki trustpoint NAME
 enrollment retry count 5
 enrollment retry period 3
 enrollment mode ra
 enrollment url http://172.YY.ZZ.ZZX/certsrv/mscep/mscep.dll
 serial-number
 ip-address 172.XX.XXX.YYY
 query certificate
 vrf SOMETHING
 revocation-check crl
When I issue a crypto pki crl request TRUSTPOINT_NAME
I get the error message that the LDAP server could not be reached,
but it doesn't move on from there...
The certificate is VALID and shows status as granted with the CA trusted.
When I check the certificate itself I do see both HTTP and LDAP CDPs in there (CRL distribution points).
Any help would be appreciated as this is driving me nuts.
Code:
error:
MDT: %PKI-4-CRL_LDAP_QUERY: An attempt to retrieve the CRL from ldap://...........
We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.
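
One way to point the trustpoint at an HTTP CDP instead of the LDAP one is a certificate map with a CDP override. This is an added example, not configuration from the original post; the map name HTTP-CDP-MAP, the issuer string EXAMPLE-ISSUING-CA and the URL http://crl.example.test/ca.crl are placeholders to replace with the issuer name and HTTP CDP shown in the certificate.

```cisco
! Added example: the map name, issuer string and URL are placeholders.
! The certificate map selects which certificates get the CDP override;
! here, any certificate whose issuer name contains EXAMPLE-ISSUING-CA.
crypto pki certificate map HTTP-CDP-MAP 10
 issuer-name co EXAMPLE-ISSUING-CA
!
! For matching certificates, fetch the CRL from this HTTP URL rather than
! from the CDPs embedded in the certificate.
crypto pki trustpoint NAME
 revocation-check crl
 match certificate HTTP-CDP-MAP override cdp url http://crl.example.test/ca.crl
!
! From exec mode: drop any cached CRL, request it again, then inspect it.
!   clear crypto pki crls
!   crypto pki crl request NAME
!   show crypto pki crls
```

The trustpoint in the post has vrf SOMETHING configured, so the HTTP server has to be reachable from that VRF for the retrieval to succeed.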