Cisco Bug: CSCvu05252 - DOC: Trustpoint URLs for CRL retrieval no longer supported after 9.13

Last Modified

May 26, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.13(1) 9.14(1)

Description (partial)

This bug tracks a documentation update to reflect that after 9.13 we removed the static URL configuration CLI, for example:
crypto ca trustpoint <tp_name>
 crl configure
  url 1  << removed support for this

And replaced it with a certificate map match rule, for example:
crypto ca trustpoint CertSub2
 revocation-check crl
 enrollment terminal
 match certificate CertSub2 override cdp  10 url
 match certificate CertSub override cdp  20 url
 match certificate CertRoot override cdp  30 url
 crl configure
  policy static
crypto ca certificate map CertSub2 10
 issuer-name co certsub2
crypto ca certificate map CertSub 10
 issuer-name co
crypto ca certificate map CertRoot 10
 issuer-name co certroot

This allows specific CRLs to be used for each cert in the chain.

Running 9.13 or later
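
An added example, not part of the Cisco bug text: a Python check that scans a saved ASA configuration for trustpoints still using the removed `url <index>` form under `crl configure`, and for `policy static` trustpoints with no `match certificate ... override cdp` rule. The sample configuration, trustpoint names and URLs are constructed placeholders, and the second finding assumes that `policy static` without an override rule leaves the trustpoint with no CRL location.

```python
import re

# Constructed sample (not from the bug page); names and URLs are placeholders.
SAMPLE_CONFIG = """\
crypto ca trustpoint LegacyTP
 revocation-check crl
 crl configure
  policy static
  url 1 http://crl.example.test/legacy.crl
crypto ca trustpoint CertSub2
 revocation-check crl
 match certificate CertSub2 override cdp 10 url http://crl.example.test/sub2.crl
 crl configure
  policy static
crypto ca trustpoint NoSource
 revocation-check crl
 crl configure
  policy static
"""

TRUSTPOINT = re.compile(r"^crypto ca trustpoint (\S+)$")
STATIC_URL = re.compile(r"^url\s+\d+\b")  # removed form, under "crl configure"
OVERRIDE = re.compile(r"^match certificate \S+ override cdp\s+\d+\s+url\b")

def audit_trustpoints(config_text):
    """Map trustpoint name -> list of findings relevant to the 9.13 CLI change."""
    seen, name, in_crl = {}, None, False
    for raw in filter(str.strip, config_text.splitlines()):  # skip blank lines
        line, indent = raw.strip(), len(raw) - len(raw.lstrip(" "))
        if indent == 0:  # a new top-level command ends the previous block
            m = TRUSTPOINT.match(line)
            name, in_crl = (m.group(1) if m else None), False
            if name:
                seen[name] = {"url": False, "static": False, "override": False}
        elif name and indent == 1:
            in_crl = line == "crl configure"
            seen[name]["override"] |= bool(OVERRIDE.match(line))
        elif name and in_crl:  # nested under "crl configure"
            seen[name]["url"] |= bool(STATIC_URL.match(line))
            seen[name]["static"] |= line == "policy static"
    findings = {}
    for tp, s in seen.items():
        issues = ["static-url-removed"] if s["url"] else []
        if s["static"] and not s["override"]:  # assumption: no CRL URL left
            issues.append("policy-static-without-override")
        if issues:
            findings[tp] = issues
    return findings

print(audit_trustpoints(SAMPLE_CONFIG))
```

Running it against a configuration saved before an upgrade to 9.13 or later lists the trustpoints whose CRL locations need to be moved to certificate map override rules.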