RE: IOS CA and CRL Distribution Point

Sadiq,

The URL should be like the following:

cdp-url http://<ip_or_hostname>/cgi-bin/pkiclient.exe?operation=GetCRL

You can do it differently if you only have SCEP clients but as the above URL
string will work with all client types I recommend using the URL as shown
above.

Regards,
 
Tyson Scott - CCIE #13513 R&S and Security
Technical Instructor - IPexpert, Inc.

Telephone: +1.810.326.1444
Cell: +1.248.504.7309
Fax: +1.810.454.0130
Mailto: tscott_at_ipexpert.com
 
Join our free online support and peer group communities:
http://www.IPexpert.com/communities
 
IPexpert - The Global Leader in Self-Study, Classroom-Based, Video On Demand
and Audio Certification Training Tools for the Cisco CCIE R&S Lab, CCIE
Security Lab, CCIE Service Provider Lab , CCIE Voice Lab and CCIE Storage
Lab Certifications.

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
Sadiq Yakasai
Sent: Monday, August 10, 2009 3:19 PM
To: Cisco certification; Cisco certification
Subject: IOS CA and CRL Distribution Point

Hi guys,

I am trying to get information about configuration of a CRL on IOS CA. I
have done abit of the searching on CCO but cant seem to lay a finger on the
right document. A few questions I have in mind are:

1. Is the CRL configurable on the IOS CA at all?
2. Is there a default CRL when IOS CA is configured on a Cisco device?

What I am trying to do is figure a CDP on a router (its a 2800 series router
running 12.4T) against one of its interfaces. But I am just not completely
sure what the URL should look like. For example (the IP address belongs to
one of the interfaces of the router):

crypto pki server IOSCA
 grant auto
 lifetime crl 24
 *cdp-url
**http://163.1.12.2/test.iosca.crl*<http://163.1.12.2/test.iosca.crl>

Any tips or pointers to a document I can read this up would be really
appreciated.

-- 
CCIE #19963
Blogs and organic groups at http://www.ccie.net