(Preferred) When using a CA-signed CAS SSL certificate, check the "CRL
Distribution Points" field of the certificate (including intermediate
or root CA), and add the URL hosts to the allowed Host Policy of the
Unauthenticated/Temporary/Quarantine Roles. This will allow the Agent
to fetch the CRLs when logging in.
This does not work for me. I have even added the whole thawte.com
domain to the hosts listing and this does not solve the issue.
On Jan 14, 2008, at 5:31 PM, Jesse Dubois wrote:
Jason,
These are the two methods we recommend for dealing with this error:
http://www.cisco.com/en/US/docs/security/nac/appliance/release_notes/412/412rn.html#wp113835
----------------------------
Jesse Dubois
[EMAIL PROTECTED]
919-392-6067
TAC AAA Team
RTP NC
9am - 5pm EST M-F
On Jan 14, 2008, at 4:51 PM, Jason Brown wrote:
We just recently installed Thawte certificates on our CCAS and we
are still getting the revocation errors on our clients that have
IE7 installed. I know you can go through the internet options and
have them de-select it in the security section however I would like
to get away from having to do this. I have added the
crl.thawte.com in the unauthenticated and temporary roles which
have not worked. Any ideas?
Thanks.
Jason Brown - Security+, Network+, Linux+, A+
Network Technician
Ferris State University
(231) 591-2687
