Cisco Bug: CSCur66243 - ENH "Revocation information for the security certificate for this site"
Nov 13, 2016
- Cisco NAC Appliance (Clean Access)
Known Affected Releases
Symptom: "Revocation information for the security certificate for this site is not available. Do you want to proceed?" the above dialog box/popup is displayed even when CRL checking is disabled in the NAC Agent Configuration.xml. The option fix is disable CRL checking in the IE explorer window. Customer can not disable CRL checking in the IE settings due to other security settings. Additional workaround is adding the ip for the CDP in the pre-auth ACL. The customer can also not enter all (100+) possible CDPs (CRL Distribution Poitnts) in the preauth ACL. Customer would like the option to not present the pop up if the CRL server is not accessible. Conditions: NAC Agent: 184.108.40.206 Opswat version is 3.6.9186.2 CRL Checking disabled in NAC Agent Config CRL checking enabled in Internet Explorer settings ISE 1.2 Patch 8 as AAA server. Environment configured to authenticate and authorize with posture assessment.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases