Security

  • 1.  ClearPass CRL URL Download

    Posted Jul 22, 2022 07:31 AM
    When adding an external CRL URL into ClearPass (not the OnBoard CA but an external PKI) is the CRL file only downloaded by the active publisher or does every subscriber node also download its own individual copy of the CRL?  I can see from the admin guide that it appears revocation list checking is unavailable when there isn't a publisher present but I'm not sure if that is referring only to the OnBoard CA.


  • 2.  RE: ClearPass CRL URL Download
    Best Answer

    Posted Jul 22, 2022 09:53 AM
    Hi,
    The CRL is only downloaded by the publisher.
    Then the question is: is the CRL replicated to all subscribers in the cluster, or is subscriber-to-publisher communication needed for CRL checking on each authentication?

    Personally, I think the CRL is synchronized to all cluster members (subscribers).


  • 3.  RE: ClearPass CRL URL Download

    Posted Jul 22, 2022 09:58 AM
    That is how I've always understood it as well that the external CRL is always downloaded by the publisher only.  Thanks for confirming.