RE: IOS CA and CRL Distribution Point

From: Tyson Scott <tscott_at_ipexpert.com>
Date: Mon, 10 Aug 2009 17:03:25 -0400

Here are the URL strings. This information is in the documentation.

 

http://www.cisco.com/en/US/customer/docs/ios/sec_secure_connectivity/configuration/guide/sec_cfg_mng_cert_serv_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1048975

 

Regards,

 

Tyson Scott - CCIE #13513 R&S and Security

Technical Instructor - IPexpert, Inc.

Telephone: +1.810.326.1444
Cell: +1.248.504.7309
Fax: +1.810.454.0130
Mailto: tscott_at_ipexpert.com

 

 

From: Sadiq Yakasai [mailto:sadiqtanko_at_gmail.com]
Sent: Monday, August 10, 2009 4:38 PM
To: Tyson Scott
Cc: Cisco certification; Cisco certification
Subject: Re: IOS CA and CRL Distribution Point

 

Hi Tyson,

Thanks for the information on this one. There just isn't much on it on the
web - even Google didn't return much.

So how are we expected to know this url when the documentation does not
specify it?

Also, if my clients are going to be using SCEP, what is another possibility?

Thanks again,
Sadiq

On Mon, Aug 10, 2009 at 9:28 PM, Tyson Scott <tscott_at_ipexpert.com> wrote:

Sadiq,

The URL should be like the following:

cdp-url http://<ip_or_hostname>/cgi-bin/pkiclient.exe?operation=GetCRL

You can do it differently if you only have SCEP clients but as the above URL
string will work with all client types I recommend using the URL as shown
above.

Regards,
 
Tyson Scott - CCIE #13513 R&S and Security
Technical Instructor - IPexpert, Inc.


-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
Sadiq Yakasai
Sent: Monday, August 10, 2009 3:19 PM
To: Cisco certification; Cisco certification
Subject: IOS CA and CRL Distribution Point

Hi guys,

I am trying to get information about configuration of a CRL on IOS CA. I
have done a bit of searching on CCO but can't seem to lay a finger on the
right document. A few questions I have in mind are:

1. Is the CRL configurable on the IOS CA at all?
2. Is there a default CRL when IOS CA is configured on a Cisco device?

What I am trying to do is figure a CDP on a router (it's a 2800 series router
running 12.4T) against one of its interfaces. But I am just not completely
sure what the URL should look like. For example (the IP address belongs to
one of the interfaces of the router):

crypto pki server IOSCA
 grant auto
 lifetime crl 24
 cdp-url http://163.1.12.2/test.iosca.crl

Any tips or pointers to a document I can read this up would be really
appreciated.

--
CCIE #19963
Blogs and organic groups at http://www.ccie.net
Received on Mon Aug 10 2009 - 17:03:25 ART
