Cisco Bug: CSCut65777 - ENH: ISE should have an option to use the DNS cache for OCSP queries
Jun 07, 2016
- Cisco Identity Services Engine (ISE) 3300 Series Appliances
Known Affected Releases
Symptom: ISE currently does not use the DNS cache for the OCSP queries. If a user certificate is not present in the OCSP cache, ISE queries the OCSP server. For OCSP DNS query, ISE uses a non-caching version of API. So each and every request for resolution is sent to the DNS server. ISE should be configured to use the DNS cache for the OCSP queries for better performance and reduce the number of queries on DNS server. This is a feature request. Conditions: ISE configured with OCSP Client profiles.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases