Our certificate provider's CRL is allowed in the unauthenticated role, so they have access to it. We
have had this configuration in place for a few years and this is the first time we've seen this
error and been unable to mitigate it using one of the fixes listed below.
--
Isabelle Graham
Information Security
American University
Jesse Dubois wrote:
Isabelle,
Please take a look at the description here:
http://www.cisco.com/en/US/docs/security/nac/appliance/release_notes/416/416rn.html#wp408569
This is the same for any version of Clean Access. If the CRL is not
available to the user the browser will
continually give that error.
--Jesse
Isabelle Graham wrote:
We are seeing an issue where a user logs in to the agent and then gets
an error dialog that states: "Revocation Certificate is not available
for this site. Would you like to continue?" When the user clicks "Yes"
they get the same error, ad infinitum. They meet all our requirements,
have IE 7 installed and "Check for server certificate revocation" is
un-checked in Internet Options. We have removed the agent and
restarted but the problem persists. Our certificate provider's CRL is
allowed in the unauthenticated role. Has anyone seen this problem
where none of these fixes apply?
--
Isabelle Graham
Information Security
American University
