Our certificate provider's CRL is allowed in the unauthenticated role, so they have access to it. We
have had this configuration in place for a few years and this is the first time we've seen this
error and been unable to mitigate it using one of the fixes listed below.
--
Isabelle Graham
Information Security
American University
Jesse Dubois wrote:
> Isabelle,
> Please take a look at the description here:
>
> http://www.cisco.com/en/US/docs/security/nac/appliance/release_notes/416/416rn.html#wp408569
>
>
> This is the same for any version of Clean Access. If the CRL is not
> available to the user the browser will
> continually give that error.
> --Jesse
>
> Isabelle Graham wrote:
>> We are seeing an issue where a user logs in to the agent and then gets
>> an error dialog that states: "Revocation Certificate is not available
>> for this site. Would you like to continue?" When the user clicks "Yes"
>> they get the same error, ad infinitum. They meet all our requirements,
>> have IE 7 installed and "Check for server certificate revocation" is
>> un-checked in Internet Options. We have removed the agent and
>> restarted but the problem persists. Our certificate provider's CRL is
>> allowed in the unauthenticated role. Has anyone seen this problem
>> where none of these fixes apply?
>>
>> --
>> Isabelle Graham
>> Information Security
>> American University