Hi,
Thanks, we are aware how crl works, my question is,
If the local crl file expires and, due to network connectivity issues, the new crl cannot be downloaded, will clearpass deny or accept any incoming tls connections.
For example, with NPS, Cisco ISE and other radius servers you have the option to ignore a failed crl and allow connections to proceed. This is also know as failing open.
T.