I am having an issue trying to configure a CRL for my controller certificates.
I already have a Windows PKI running, with a working CRL. I have issued a certificate to the controller and uploaded both this and the CA root to the controller. These are to be used for IKEv1 certificate authentication for the controller. This is working well. I also have a public SSL certificate installed for management.
The certificate is working well; I have tested IKE authentication through certificate and it works well. Now I wanted to configure the CRL so I can reject clients with revoked certificates trying to connect to the Aruba controller (with the Aruba VIA client).
Reading through the user manual here, I find the info a bit scarce really. It tells you the basic info like give the inputs and press upload, but doesn't give much insight into what info :)
I have the certificates, and I have a URL which gives me a downloadable .CRL file with the revocation info in it. I am aware that the CRL is signed by the CA, so you would need to bind a CRL location to a certificate to validate the authenticity of the CRL info you receive.
Now my issue is that when I try to upload a CRL certificate I get an "Error in CRL format" message, and here is where I have a few questions.
What certificate are you supposed to use here, the CA root certificate? The issued controller certificate?
What requirements are there for this certificate?
Currently I don't have CRL info in the issued controller certificate, and CA root certificates are better off without it.
Is there a bit more info on this to be found?