Host checker running slow due to certificate revocation

markbwyr1_
New Contributor

We have an issue where host checker is taking a long time to run and it is because our machines do not have internet access and cannot check the CRL lists. We have disabled the checking in Internet Explorer, of which we are using a mix of IE7 and IE8, but still it continues to try and check the CRL lists. Is it possible that host checker or any other Juniper apps are trying to go out and check for CRLs?

I have tried to use Process Explorer to find which process is trying to talk to them, but the source ports never seem to show up.

Thanks,

Mark

7 REPLIES

muttbarker_
Valued Contributor

Re: Host checker running slow due to certificate revocation

Host Checker will only do certificate checking if you specifically enable it as part of the client certificate definition.

markbwyr1_
New Contributor

Re: Host checker running slow due to certificate revocation

What do you mean by client certificate definition? Is this an option within the certificate or on the SA itself?

muttbarker_
Valued Contributor

Re: Host checker running slow due to certificate revocation

What I meant was that with Host Check you specify the cert to check for. That cert is defined under:

System / Configuration / Certificates / Trusted Client CAs

The only terms certs will be checked for "status" - i.e. revoked or not, is if within the cert definition you have specified to use OCSP / CRL for cert checking.

Hope that clarifies my explanation.

markbwyr1_
New Contributor

Re: Host checker running slow due to certificate revocation

Ah OK, that makes sense. We do not have any of this selected and it is definitely turned off in IE. I have checked the registry and it's definitely off, but there is still something that is checking and they can be stuck doing the host check for about 8 minutes while it keeps on trying to check CRLs.

zanyterp_
Respected Contributor

Re: Host checker running slow due to certificate revocation

Which ESAP are you using? Are you still seeing this?
I am aware of this happening in one other instance & it was specific to 2(?) ESAP versions.

markbwyr1_
New Contributor

Re: Host checker running slow due to certificate revocation

It happens on all ESAPs. We update the ESAP every month. We use Netscreen and SSG firewalls and we cannot specify wildcard domain names, so we are having to use a proxy server to allow the traffic out.

zanyterp_
Respected Contributor

Re: Host checker running slow due to certificate revocation

That is odd; there are only two or three versions that we know of in which this happens. What versions are you seeing this happen?