first i had to define a HOST entry on the router for the VRF i was using my certificate trust point to work for.
second: I stopped using LDAP and forced it to download through HTTP for CRL.
now that said: what is your device, recently on the 15. train cisco has f'ckd the ISR IOS so that CRL checks dont work anymore.
i've had a ticket open for over 4 weeks now with them and 4 engineers.
the previous trains worked fine.. but most of the 15.x that i've tried has sh1t the bed.
my ASR on the other hand has no issues pulling the CRL.
----
also:
post:
sh cry pki crl
sh cry pki cert
thanks,
We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.