Hi,
The ClearPass RADIUS server will run a CRL check for all the certificates (client cert + intermediate CA(s) + root) in the chain by default, based on the CRLs' presence.
The error means that ClearPass failed to get the CRL for one of the certificates in the chain (which could be the root or an intermediate CA).
If you have the correct CRL configured for the user cert, then the error below is not for the user cert (meaning user cert auth will not succeed if it is revoked) and should be for an intermediate or root CA. As Vikram suggested, you can configure the CRLs of all the certs in the chain to resolve this error.
@KamiB wrote:
Hi,
INFO RadiusServer.Radius - --> verify error:num=3:unable to get certificate CRL - ignoring
What does it mean? It seems like the user's certificate is not checked in the CRL, but it is ignored and the user is authenticated. Right?
Thanks
Kamil
Refer to the service parameter "Check the validity of all certificates in the chain against CRLs" at the link below:
https://www.arubanetworks.com/techdocs/ClearPass/6.8/PolicyManager/index.htm#CPPM_UserGuide/Admin/ServerConfig_serviceparamsradiusserver.htm
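
The difference between checking only the client certificate and checking the whole chain can be reproduced with the OpenSSL command line, where error number 3 is likewise "unable to get certificate CRL". This is an added example, not part of the original posts and not ClearPass code: the lab PKI, file names and CNs are constructed, and `-crl_check` / `-crl_check_all` are OpenSSL flags assumed here to be analogous to the ClearPass service parameter.

```shell
#!/usr/bin/env bash
# Added example. Constructed lab PKI: Lab Root CA -> Lab Issuing CA -> lab-user.
set -eu
lab=$(mktemp -d) && cd "$lab"

cat > lab.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ca]
default_ca = lab
[lab]
database = index.txt
default_md = sha256
default_crl_days = 1
EOF
: > index.txt   # empty CA database: nothing is revoked in this lab

new_csr() {  # $1 = file prefix, $2 = common name
  openssl req -config lab.cnf -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
}
new_crl() {  # $1 = prefix of the CA that signs the (empty) CRL
  openssl ca -config lab.cnf -gencrl -cert "$1.pem" -keyfile "$1.key" \
    -out "$1.crl" 2>/dev/null
}
# $1 = -crl_check (leaf only) or -crl_check_all (whole chain), $2 = CRL bundle
verify_user() {
  openssl verify "$1" -CAfile root.pem -untrusted int.pem -CRLfile "$2" user.pem 2>&1 || true
}

openssl req -config lab.cnf -x509 -extensions v3_ca -newkey rsa:2048 -nodes \
  -days 2 -subj "/CN=Lab Root CA" -keyout root.key -out root.pem 2>/dev/null
new_csr int "Lab Issuing CA"
openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
  -extfile lab.cnf -extensions v3_ca -days 2 -out int.pem 2>/dev/null
new_csr user "lab-user"
openssl x509 -req -in user.csr -CA int.pem -CAkey int.key -CAcreateserial \
  -days 2 -out user.pem 2>/dev/null
new_crl int; new_crl root
cat int.crl root.crl > chain.crl   # CRLs for every issuer in the chain

echo "leaf only, issuing-CA CRL:   $(verify_user -crl_check int.crl)"
echo "whole chain, issuing-CA CRL: $(verify_user -crl_check_all int.crl)"
echo "whole chain, all CRLs:       $(verify_user -crl_check_all chain.crl)"
```

The second line reports error 3 at depth 1, the issuing CA, even though the user certificate's own CRL is present; supplying the root-issued CRL as well clears it.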