Certificate authentication with Junos Pulse on SA

Valued Contributor

Re: Certificate authentication with Junos Pulse on SA

I checked the data and confirmed the SA is failing on the IDP attribute of the CRL. After reviewing the difference from a working scenario in the lab, it was confirmed the IDP attribute must be marked as critical or the SA will consider the CRL as invalid per RFC 5280 (http://tools.ietf.org/html/rfc5280#page-65).

The solution would be either creating CRLs with the IDP attribute as critical or omitting this attribute from the CRL.
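
The check described in the post above, as an added example that is not part of the thread and not vendor code: a standard-library Python walk over a DER-encoded CRL that reports whether the Issuing Distribution Point extension (OID 2.5.29.28) is present and whether its critical flag is set. The function names are assumptions, and the sample CRLs are constructed skeletons with a dummy signature, built only to exercise the parser.

```python
# Added example: stdlib-only DER walk; the sample CRLs are constructed and unsigned.
IDP_OID = bytes.fromhex("551d1c")  # 2.5.29.28 issuingDistributionPoint

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the content of a constructed element into (tag, value) pairs."""
    pos, out = 0, []
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def idp_criticality(crl_der):
    """True/False for the IDP critical flag, None if the CRL has no IDP."""
    _, cert_list, _ = read_tlv(crl_der, 0)
    tbs = children(cert_list)[0][1]          # tbsCertList
    for tag, val in children(tbs):
        if tag != 0xA0:                      # crlExtensions is [0] EXPLICIT
            continue
        _, extensions, _ = read_tlv(val, 0)
        for _, ext in children(extensions):
            fields = children(ext)           # OID, optional BOOLEAN, OCTET STRING
            if fields[0] == (0x06, IDP_OID):
                # critical is BOOLEAN DEFAULT FALSE, so DER omits it when false
                return fields[1][0] == 0x01 and fields[1][1] != b"\x00"
    return None

def tlv(tag, content=b""):
    """Minimal DER encoder for the constructed samples (short lengths only)."""
    return bytes([tag, len(content)]) + content

def sample_crl(critical):
    """Constructed skeleton CRL; critical=None omits the extensions entirely."""
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05))
    issuer = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, bytes.fromhex("550403")) + tlv(0x0C, b"Example CA"))))
    ext = b""
    if critical is not None:
        flag = tlv(0x01, b"\xff") if critical else b""
        idp = tlv(0x30, tlv(0x06, IDP_OID) + flag + tlv(0x04, tlv(0x30, tlv(0x81, b"\xff"))))
        ext = tlv(0xA0, tlv(0x30, idp))
    tbs = tlv(0x30, tlv(0x02, b"\x01") + alg + issuer + tlv(0x17, b"240101000000Z") + ext)
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00" * 9))
```

To run it against a real CRL, pass the DER bytes to `idp_criticality`; a PEM-encoded CRL has to be converted to DER first.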

Occasional Contributor

[RESOLVED] - Re: Certificate authentication with Junos Pulse on SA

Thank you, that's exactly the problem. We activated the critical bit on the IDP and now the SA 4500 accepts the CRL: "good" certificates are accepted and "revoked" ones are refused.

I'll close the case on the JTAC.

Valued Contributor

Re: [RESOLVED] - Re: Certificate authentication with Junos Pulse on SA

Thank you for the update and I have closed the JTAC case.