06-29-2008 12:15 PM
I'm having a problem with the IVE, where it can't seem to retrieve the CRL from the distribution point.
There are several options that has been presented to the IVE, (both fail). Option 1 is via LDAP and option 2 is via HTTP. I've been trying to use the HTTP method but it is failing. The error just says "Failed, Failed to connect." I've opened a ticket but so far no dice.
Solved! Go to Solution.
06-29-2008 11:14 PM
did you try to take a look on what's happening with tcpdump?
Maybe the connection to your CA is not working at all or anything similar...
Does your SA take the URL specified in the CA Cert or a manually defined one?
07-01-2008 09:11 AM
07-09-2008 06:45 PM
Finally Success! Working with JTAC paid off. Turns out the reason the IVE could not verify the CRL was the copy of the Root CA did have the CRL information in it. The copy of the Issuing CA to verify the clients had the CRL info but would not import, ("missing Root or CA information" error). So, I was able to import an intermediate certificate, (copy of the root); then I was able to import a copy of the trusted Issuing CA under Trusted Client Certificates. At that point I was able to download the CRL and verify the CRL it.
I also tested revoking a certificate and forcing the realm to check for revoked certs and it work. Thanks to all who have assisted with this task! :-)