Have you looked at this? http://www.cisco.com/en/US/docs/security/nac/appliance/release_notes/47/47rn.html#wp606982
-Mike On 27/01/2010 12:28 PM, Kyle Torkelson wrote:
I agree...All of a sudden a bunch of laptops that were working this month are failing the Certificate Revocation...I have added and enabled ".ipsca.com" and "ends" to the Unauthenticated/Temporary/Quarantine roles per the release notes and config docs for 4.7.1 but it seems like this week I've had to turn off the revocation checking on each client... Perhaps, IPSCA CRL site is experiencing problems?? Or, is this a Cisco issue?? Kyle -----Original Message----- From: Cisco Clean Access Users and Administrators [mailto:[email protected]] On Behalf Of Mike Diggins Sent: Tuesday, January 26, 2010 5:50 PM To: [email protected] Subject: Re: IPSCA Certificate Revocation I see this periodically with our Verisign certificates on CCA 4.1.10 (Agent), but there doesn't seem to be any pattern to it. A computer that is working fine will suddenly start getting Certificate Revocation Check failures. Then it will start working again and all is fine. In 4.7.1 they allow you to turn off the CRL check, which I plan to do, if we ever get there! -Mike On Tue, 26 Jan 2010, Kyle Torkelson wrote:Are any other schools getting the Certificate Revocation error when using IPSCA certificates? I thought that if I added the CRL distribution point as a host under Traffic Control for all of my User Roles to connect to that that would allow XP, Vista, and Windows 7 to connect to and check. However, I’ve had to start doing the “uncheck check for server and publisher cert revocation) as a temporary workaround. Any suggestions???
<<attachment: mike_diggins.vcf>>
