Occasional Contributor II
Posts: 14
Registered: ‎10-01-2010

Certificate revocation - CRL

Hello,

How can I configure my controller to get the CRL? Our customer publishes their CRL list via an HTTP URL, so the Aruba controller should be able to access this URL and get the CRL periodically, then check certificate revocation. There is a CRL location option in the controller, but I could not find how I can set it. The controller should learn the CRL location from the CDP info in the certificate.

Note: They don't use an OCSP service.

Firmware: 6.1.2.8

Thanks,
Aruba Employee
Posts: 117
Registered: ‎09-21-2010

Re: Certificate revocation - CRL

I don't think the controller will automatically download the CRL distribution point and check for revocation status. You have to manually import the CRL to the controller and the controller will check the revocation status based on the imported list. CRL support is limited. I think the controller supports a total of 512 certificate serial numbers. The best option would be to move to OCSP. Hopefully someone else in the community has a workaround.

For more information on CRL and OCSP, see the ArubaOS user guide, chapter 11, Certificate Revocation.


Regards,

Sathya

Occasional Contributor I
Posts: 5
Registered: ‎11-17-2011

Re: Certificate revocation - CRL

If the CRL is for EAP-TLS authentication, consider ClearPass Policy Manager. It can download CRLs periodically via an HTTP URL.


Pattabhi.
