Hi,
CRL is only downloaded by publisher.
Then the question is : is CRL replicated to all subscribers in the cluster or for each autentication subscriber to publisher communication is needed to CRL checking
Personnaly I think CRL is synchonized in all cluster members (subscribers) .
Original Message:
Sent: Jul 22, 2022 07:30 AM
From: Unknown User
Subject: ClearPass CRL URL Download
When adding an external CRL URL into ClearPass (not the OnBoard CA but an external PKI) is the CRL file only downloaded by the active publisher or does every subscriber node also download its own individual copy of the CRL? I can see from the admin guide that it appears revocation list checking is unavailable when there isn't a publisher present but I'm not sure if that is referring only to the OnBoard CA.