From: Ryan B (rbenigno@xxxxxxxx)
Date: Fri Oct 06 2000 - 20:27:33 GMT-3
Anyone out there been successful in getting a CRL into a Pix firewall
or Router when using VeriSign OnSite as a CA? On a router running
12.1(3T) I'm getting the following from the debug's and the CRL
doesn't show up in the configs.
01:10:27: CRYPTO_PKI: set CRL update timer with delay: 1363F
01:10:27: CRYPTO_PKI: the current router time: 23:10:11 UTC Oct 6 2000
01:10:27: CRYPTO_PKI: the last CRL update time: 21:13:54 UTC Oct 6
2000
01:10:27: CRYPTO_PKI: the next CRL update time: 21:13:54 UTC Oct 7
2000
01:10:27: CRYPTO_PKI: status = 0: failed to get putkey from the
storage
01:10:27: CRYPTO_PKI: status = 65535: failed to get issuer pubkey in
cert
01:10:27: CRYPTO_PKI: status = 105: poll CRL successful
01:10:27: CRYPTO_PKI: transaction GetCRL completed
Supposedly the CRL issues with VeriSign are resolved in the 5.2 pix
software... Can anyone confirm this? We're still waiting for the
16mb flash upgrade for our 520 so we can upgrade to 5.2...
Another issue we're having is that the IRE client can't do online
certificate requests, we have to do file requests then import them...
Anyone else seen this?
I appreciate any info anyone may have...
Ryan Benigno, CCIE #5847
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:25:24 GMT-3