Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Client CRL Checking Final Config

smartd
Contributor
‎03-01-2017 04:17:PM
‎03-01-2017 04:17:PM

Client CRL Checking Final Config

I was failing CRL checking, causing clients to not be able to login. Here's the final config I'm using (3 level CAs).
Machine-Cert --> CAISSUEWA1 --> CAISSUE1 --> CAROOT

1. The client issuing CA (CAISSUEWA1) should have CRL Checking Options set to use: "CDP specified in client certificates". if that is being published.
- Tick Verify Trusted Client CA
- Tick Trusted for Client Authentication
- Untick Participate in Client Certificate Negotiation.

2. The issuing CA (CAISSUEWA1) has the CRL URL of its parent CA (CAISSUE1) in its cert. Copy this URL and paste it in the CRL option of its parent using CRL Checking Option: "manually configured CDP".
- Tick Verify Trusted Client CA
- Tick Trusted for Client Authentication
- Untick Participate in Client Certificate Negotiation.

3. The Root CA (CAROOT) has CRL disabled.
- Untick Verify Trusted Client CA
- Tick Trusted for Client Authentication
- Untick Participate in Client Certificate Negotiation.
0 Kudos
Reply
1 REPLY 1
zanyterp
Moderator
Moderator
‎03-02-2017 01:58:AM
‎03-02-2017 01:58:AM

Re: Client CRL Checking Final Config

Which one is failing?
Did enabling the CRLon root work?
0 Kudos
Reply
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.