I'm not sure if this is the best fix, but there is a workaround at least.
You need to disable the checking of validity of all certs in the chain against CRL.
Browse to Administration > Server Manager > Server Configuration > Click on the server
Browse to Service parameters > Radius Server.
Set Check the validity of all certificates in the chain against CRLs to False
After this it allows connections. Not sure what the security impact of this would be.
Original Message:
Sent: Oct 16, 2023 11:44 PM
From: ccalhoun
Subject: ClearPass CRL error: Different CRL Scope
Any solutions here? Also have the same problem, which just started after the Enterprise CA setup was migrated to MS Server 2019.
Original Message:
Sent: Sep 25, 2023 06:37 AM
From: tom.christensen@tietoevry.com
Subject: ClearPass CRL error: Different CRL Scope
Hi. I got a similar problem. Did you find out what the problem was and solve the problem?
Original Message:
Sent: Feb 03, 2020 07:06 AM
From: Marian R��
Subject: ClearPass CRL error: Different CRL Scope
Hi Community,
A customer is facing an issue with CRLs in ClearPass. He has an offline Root-CA and an online Sub-CA on Microsoft server. Certificate-based LAN auth is working fine until you load the CRLs into ClearPass. There is an error in the logs:
verify error:num=44:Different CRL scope
I found some sources stating that the DP entry in the Cert and the IDP entry in the CRL must match. I verified that both URLs are the same.
Any clue how to fix this?
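
Added example, not part of the thread and not ClearPass or OpenSSL code: a Python check, using the third-party `cryptography` package, that compares the CRL Distribution Point names in a certificate with the Issuing Distribution Point names in a CRL, the match the original post refers to. The function names, the URLs and the generated certificate and CRL are constructed for illustration.

```python
import datetime as dt
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import ExtensionOID, NameOID

def get_ext(obj, oid):
    try:
        return obj.extensions.get_extension_for_oid(oid).value
    except x509.ExtensionNotFound:
        return None

def crl_scope_mismatch(cert, crl):
    """Return None if the CRL's IDP covers cert, else the reason it does not."""
    idp = get_ext(crl, ExtensionOID.ISSUING_DISTRIBUTION_POINT)
    if idp is None:
        return None  # no IDP: the CRL is not limited to one distribution point
    bc = get_ext(cert, ExtensionOID.BASIC_CONSTRAINTS)
    is_ca = bool(bc and bc.ca)
    if idp.only_contains_ca_certs and not is_ca:
        return "CRL covers CA certificates only"
    if idp.only_contains_user_certs and is_ca:
        return "CRL covers end-entity certificates only"
    if not idp.full_name:
        return None  # only fullName is compared; relative names are not handled
    cdp = get_ext(cert, ExtensionOID.CRL_DISTRIBUTION_POINTS) or []
    cert_names = [n for dp in cdp for n in (dp.full_name or [])]
    if any(n in idp.full_name for n in cert_names):
        return None
    return "no CDP name in the certificate equals an IDP name in the CRL"

def make_sample(cdp_url, idp_url):
    """Constructed data: throwaway key, one client cert, one empty CRL."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = lambda cn: x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    t0, uri = dt.datetime(2024, 1, 1), x509.UniformResourceIdentifier
    cdp = x509.CRLDistributionPoints([x509.DistributionPoint(
        full_name=[uri(cdp_url)], relative_name=None, reasons=None, crl_issuer=None)])
    idp = x509.IssuingDistributionPoint(
        full_name=[uri(idp_url)], relative_name=None, only_some_reasons=None,
        only_contains_user_certs=False, only_contains_ca_certs=False,
        indirect_crl=False, only_contains_attribute_certs=False)
    cert = (x509.CertificateBuilder().subject_name(name("client"))
            .issuer_name(name("Example Sub-CA")).public_key(key.public_key())
            .serial_number(1).not_valid_before(t0).not_valid_after(t0 + dt.timedelta(days=30))
            .add_extension(cdp, critical=False).sign(key, hashes.SHA256()))
    crl = (x509.CertificateRevocationListBuilder().issuer_name(name("Example Sub-CA"))
           .last_update(t0).next_update(t0 + dt.timedelta(days=7))
           .add_extension(idp, critical=True).sign(key, hashes.SHA256()))
    return cert, crl
```

For real files, load the inputs with `x509.load_pem_x509_certificate` and `x509.load_der_x509_crl` (or their DER/PEM counterparts) and pass them to `crl_scope_mismatch`; names are compared for exact equality, so URLs that differ only in case or encoding count as different.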