Guest

Preview Tool

Cisco Bug: CSCur66243 - ENH "Revocation information for the security certificate for this site"

Last Modified

Nov 13, 2016

Products (1)

  • Cisco NAC Appliance (Clean Access)

Known Affected Releases

4.9(4.3)

Description (partial)

Symptom:
"Revocation information for the security certificate for this site is not available. Do you want to proceed?"

the above dialog box/popup is displayed even when CRL checking is disabled in the NAC Agent Configuration.xml.

The option fix is disable CRL checking in the IE explorer window.

Customer can not disable CRL checking in the IE settings due to other security settings.

Additional workaround is adding the ip for the CDP in the pre-auth ACL.

The customer can also not enter all (100+) possible CDPs (CRL Distribution Poitnts) in the preauth ACL.

Customer would like the option to not present the pop up if the CRL server is not accessible.

Conditions:
NAC Agent: 4.9.4.3
Opswat version is 3.6.9186.2

CRL Checking disabled in NAC Agent Config

CRL checking enabled in Internet Explorer settings

ISE 1.2 Patch 8 as AAA server.

Environment configured to authenticate and authorize with posture assessment.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.