Cisco Bug: CSCul58880 - IOS PKI RA does not forward CRL request to CA
Nov 27, 2020
- Cisco 2600 Series Multiservice Platforms
Known Affected Releases
Symptom: With an IOS Certificate Server operating in RA (Registration Authority) mode, when it receives a CRL (Certificate Revocation List) request from a PKI client, it does not forward the request to the CA (Certificate Authority). If the RA does not have a locally cached CRL, then the CRL validation will fail. Conditions: This is problem when an IOS is configured as a Certificate Server in RA mode, and if there is no explicit CDP (CRL Distribution Point) configured.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases