Re: IOS CA and CRL Distribution Point

Hi Tyson,

Thanks for the information on this one. There just isnt much on it on the
web - even google didnt return much.

So how are we expected to know this url when the documentation does not
specify it?

Also, if my clients are going to be using SCEP, what is another possibility?

Thanks again,
Sadiq

On Mon, Aug 10, 2009 at 9:28 PM, Tyson Scott <tscott_at_ipexpert.com> wrote:

> Sadiq,
>
> The URL should be like the following:
>
> cdp-url http://<ip_or_hostname>/cgi-bin/pkiclient.exe?operation=GetCRL
>
> You can do it differently if you only have SCEP clients but as the above
> URL
> string will work with all client types I recommend using the URL as shown
> above.
>
> Regards,
>
> Tyson Scott - CCIE #13513 R&S and Security
> Technical Instructor - IPexpert, Inc.
>
> Telephone: +1.810.326.1444
> Cell: +1.248.504.7309
> Fax: +1.810.454.0130
> Mailto: tscott_at_ipexpert.com
>
> Join our free online support and peer group communities:
> http://www.IPexpert.com/communities
>
> IPexpert - The Global Leader in Self-Study, Classroom-Based, Video On
> Demand
> and Audio Certification Training Tools for the Cisco CCIE R&S Lab, CCIE
> Security Lab, CCIE Service Provider Lab , CCIE Voice Lab and CCIE Storage
> Lab Certifications.
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> Sadiq Yakasai
> Sent: Monday, August 10, 2009 3:19 PM
> To: Cisco certification; Cisco certification
> Subject: IOS CA and CRL Distribution Point
>
> Hi guys,
>
> I am trying to get information about configuration of a CRL on IOS CA. I
> have done abit of the searching on CCO but cant seem to lay a finger on the
> right document. A few questions I have in mind are:
>
> 1. Is the CRL configurable on the IOS CA at all?
> 2. Is there a default CRL when IOS CA is configured on a Cisco device?
>
> What I am trying to do is figure a CDP on a router (its a 2800 series
> router
> running 12.4T) against one of its interfaces. But I am just not completely
> sure what the URL should look like. For example (the IP address belongs to
> one of the interfaces of the router):
>
> crypto pki server IOSCA
> grant auto
> lifetime crl 24
> *cdp-url
> **http://163.1.12.2/test.iosca.crl*<http://163.1.12.2/test.iosca.crl>
>
> Any tips or pointers to a document I can read this up would be really
> appreciated.
>
>
> --
> CCIE #19963
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>
>

-- 
CCIE #19963
Blogs and organic groups at http://www.ccie.net