04-05-2012 01:22 PM
04-05-2012 02:39 PM - edited 04-06-2012 09:35 AM
I don't think the controller will automaticaly download the CRL distribution point and check for recovation status. You have to manually import the CRL to the controller and the controller will check the revocation status based on the imported list. CRL support is limited. I think the controller supports a total of 512 certificate serial number. The best option would be to move to OCSP. Hopefully someone else on the community have a workaround.
For more information on CRL and OCSP see the ArubaOS user guide, chapter 11 certificate revocation.