Cisco Bug: CSCvh91907 - ENH: To confirm CRL file downloaded on ISE CLI/GUI

Last Modified

Aug 09, 2019

Products (1)

  • Cisco Identity Services Engine

Known Affected Releases

2.1(0.474) 2.2(0.471) 2.3(0.908) 2.4(0.309)

Description (partial)

Symptom:
User Story: 

We download a CRL (Certificate Verification List) every 12 hours. We have noticed that sometimes ISE displays an alarm that "CRL Retrieval Failed". ISE is configured to retry a failed download 1 hour later.

For example, my node may fail the CRL then 1 hour later may successfully download the CRL - so I can safely ignore the alarm. 

With ISE root patch installed, we can confirm this using the root command: ls /tmp/crlcache
With this command, we can see the timestamp of the file and can confirm it is downloaded, but we don't want to constantly need to install this root patch for such a simple task.

There must be a command from SSH or something in the GUI but I cannot find it.

Conditions:
How can we confirm on ISE CLI (ssh or GUI) that the CRL file is downloaded along with timestamp?

Output similar to ls /tmp/crlcache