Security

 View Only
last person joined: 17 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

ClearPass CRL URL Download

This thread has been viewed 13 times

  • 1.  ClearPass CRL URL Download

    Posted Jul 22, 2022 07:31 AM
    When adding an external CRL URL into ClearPass (not the OnBoard CA but an external PKI) is the CRL file only downloaded by the active publisher or does every subscriber node also download its own individual copy of the CRL?  I can see from the admin guide that it appears revocation list checking is unavailable when there isn't a publisher present but I'm not sure if that is referring only to the OnBoard CA.


  • 2.  RE: ClearPass CRL URL Download
    Best Answer

    Posted Jul 22, 2022 09:53 AM
    Hi,
    CRL is only downloaded by publisher.
    Then the question is : is CRL replicated to all subscribers in the cluster or for each autentication subscriber to publisher communication is needed to CRL checking

    Personnaly I think CRL is synchonized in all cluster members (subscribers) .
    Original Message


  • 3.  RE: ClearPass CRL URL Download

    Posted Jul 22, 2022 09:58 AM
    That is how I've always understood it as well that the external CRL is always downloaded by the publisher only.  Thanks for confirming.
    Original Message