Preview Tool

Cisco Bug: CSCul58880 - IOS PKI RA does not forward CRL request to CA

Last Modified

Nov 27, 2020

Products (1)

  • Cisco 2600 Series Multiservice Platforms

Known Affected Releases


Description (partial)

With an IOS Certificate Server operating in RA (Registration Authority) mode, 
when it receives a CRL (Certificate Revocation List) request from a PKI client, 
it does not forward the request to the CA (Certificate Authority). If the RA does 
not have a locally cached CRL, then the CRL validation will fail.

This is problem when an IOS is configured as a Certificate Server in RA mode, 
and if there is no explicit CDP (CRL Distribution Point) configured.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.