
Certificate Revocation List (CRL) Configuration for the Cisco ASA


Use this guide to ensure the Certificate Revocation List is correctly configured for existing SecureAuth IdP intermediate certificates that have already been installed as trusted client CAs on Cisco ASA.


Network edge devices such as the Cisco ASA must check the CRL in order to detect revoked X.509v3 personal certificates.

Configuration steps

1. Log on to ASDM with super admin user permissions


2. Navigate to Configuration > Device Management > Certificate Management > CA Certificates


3. Select the Nevada or Sierra Intermediate certificate, then click Edit


4. On the Revocation Check tab, ensure the Check certificates for revocation option is selected and that the CRL method has been added to the left group as the only active method


5. On the CRL Retrieval Policy tab, ensure the check box for Use CRL Distribution Point from the certificate is selected, then click OK and Apply



Repeat steps 3 to 5 of this process for the other (Nevada / Sierra) intermediate certificate
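
The same settings can be applied and checked from the ASA CLI. This is an added example, not part of the original guide; `<INTERMEDIATE_TRUSTPOINT>` is a placeholder for the trustpoint name under which the Nevada or Sierra intermediate was installed on your ASA.

```cisco
! <INTERMEDIATE_TRUSTPOINT> is a placeholder: substitute the trustpoint name
! listed for the Nevada or Sierra intermediate under CA Certificates.
! "revocation-check crl" corresponds to step 4 (CRL as the only method, no fallback).
! "policy cdp" corresponds to step 5 (use the CRL Distribution Point from the certificate).
configure terminal
crypto ca trustpoint <INTERMEDIATE_TRUSTPOINT>
 revocation-check crl
 crl configure
  policy cdp
  exit
 exit
end
! Confirm the revocation settings now stored on the trustpoint.
show running-config crypto ca trustpoint <INTERMEDIATE_TRUSTPOINT>
```

Because CRL is the only method, with no fallback configured, the ASA must be able to reach the distribution point URL carried in the certificates it validates.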