
Certificate Revocation List (CRL) Configuration for the Cisco ASA

Introduction

Use this guide to ensure the Certificate Revocation List is correctly configured for existing SecureAuth IdP intermediate certificates that have already been installed as trusted client CAs on Cisco ASA.

Note

Revoked X.509v3 personal certificates require the CRL to be checked by network edge devices such as Cisco ASA.

Configuration steps

1. Log on to ASDM with super admin user permissions


2. Navigate to Configuration > Device Management > Certificate Management > CA Certificates


3. Select the Nevada or Sierra Intermediate certificate, then click Edit


4. On the Revocation Check tab, ensure that Check certificates for revocation is selected and that CRL has been added to the left group as the only active method


5. On the CRL Retrieval Policy tab, ensure the check box for Use CRL Distribution Point from the certificate is selected, then click OK and Apply


Note

Repeat steps 3 to 5 of this process for the other (Nevada / Sierra) intermediate certificate.
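
The settings from steps 4 and 5 as they would appear in the ASA CLI, as an added example that is not part of the original guide. `<INTERMEDIATE_TRUSTPOINT>` is a placeholder for the trustpoint name under which the Nevada or Sierra intermediate certificate was installed on your ASA.

```cisco
! Added example: CLI equivalent of ASDM steps 4 and 5.
! <INTERMEDIATE_TRUSTPOINT> is a placeholder; use the name shown in
! "show running-config crypto ca trustpoint" for the intermediate CA.
!
crypto ca trustpoint <INTERMEDIATE_TRUSTPOINT>
 ! Step 4: CRL is the only revocation method.
 ! "revocation-check crl none" would instead fall back to accepting the
 ! certificate when no CRL can be retrieved, which is not what this
 ! guide configures.
 revocation-check crl
 crl configure
  ! Step 5: retrieve the CRL from the CRL Distribution Point (CDP)
  ! extension in the certificate being checked.
  policy cdp
!
! Review the result (run from privileged EXEC mode):
!   show running-config crypto ca trustpoint <INTERMEDIATE_TRUSTPOINT>
!   show crypto ca crl
```

Because CRL is the only method, the ASA must be able to reach the URL in the CDP extension; if `show crypto ca crl` lists no cached CRL after a client has presented a certificate, check name resolution and routing from the ASA to that URL.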