CLEANACCESS Archives

September 2008

CLEANACCESS@LISTSERV.MIAMIOH.EDU
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: "Revocation Certificate is not available for this site"
From:
Isabelle Graham <[log in to unmask]>
Reply To:
Cisco Clean Access Users and Administrators <[log in to unmask]>
Date:
Wed, 3 Sep 2008 12:53:14 -0400
Content-Type:
text/plain
Parts/Attachments:
text/plain (38 lines) 
Our certificate provider's CRL is allowed in the unauthenticated role, so they have access to it. We 
have had this configuration in place for a few years and this is the first time we've seen this 
error and been unable to mitigate it using one of the fixes listed below.

--
Isabelle Graham
Information Security
American University


Jesse Dubois wrote:
> Isabelle,
>    Please take a look at the description here:
>    
> http://www.cisco.com/en/US/docs/security/nac/appliance/release_notes/416/416rn.html#wp408569 
> 
> 
>    This is the same for any version of Clean Access.  If the CRL is not 
> available to the user the browser will
>    continually give that error.
> --Jesse
> 
> Isabelle Graham wrote:
>> We are seeing an issue where a user logs in to the agent and then gets 
>> an error dialog that states: "Revocation Certificate is not available 
>> for this site. Would you like to continue?" When the user clicks "Yes" 
>> they get the same error, ad infinitum. They meet all our requirements, 
>> have IE 7 installed and "Check for server certificate revocation" is 
>> un-checked in Internet Options. We have removed the agent and 
>> restarted but the problem persists. Our certificate provider's CRL is 
>> allowed in the unauthenticated role. Has anyone seen this problem 
>> where none of these fixes apply?
>>
>> -- 
>> Isabelle Graham
>> Information Security
>> American University

ATOM RSS1 RSS2