Cisco Cisco Identity Services Engine 1.1 Manual Técnica
Publish Certificate Revocation Lists for ISE on a
Microsoft CA Server Configuration Example
Microsoft CA Server Configuration Example
Document ID: 115758
Contributed by Justin Teixeira, Cisco TAC Engineer.
Feb 15, 2013
Feb 15, 2013
Contents
Introduction
Prerequisites
Requirements
Components Used
Conventions
Configure
Configurations
Section 1. Create and Configure a Folder on the CA to House the CRL Files
Section 2. Create a Site in IIS to Expose the New CRL Distribution Point
Section 3. Configure Microsoft CA Server to Publish CRL Files to the Distribution Point
Section 4. Verify the CRL File Exists and is Accessible via IIS
Section 5. Configure ISE to use the New CRL Distribution Point
Verify
Troubleshoot
Related Information
Prerequisites
Requirements
Components Used
Conventions
Configure
Configurations
Section 1. Create and Configure a Folder on the CA to House the CRL Files
Section 2. Create a Site in IIS to Expose the New CRL Distribution Point
Section 3. Configure Microsoft CA Server to Publish CRL Files to the Distribution Point
Section 4. Verify the CRL File Exists and is Accessible via IIS
Section 5. Configure ISE to use the New CRL Distribution Point
Verify
Troubleshoot
Related Information
Introduction
This document describes the configuration of a Microsoft Certificate Authority (CA) server that runs Internet
Information Services (IIS) to publish Certificate Revocation List (CRL) updates. It also explains how to
configure Cisco Identity Services Engine ( ISE) (versions 1.1 and later) to retrieve the updates for use in
certificate validation. ISE can be configured to retrieve CRLs for the various CA root certificates it uses in
certificate validation.
Information Services (IIS) to publish Certificate Revocation List (CRL) updates. It also explains how to
configure Cisco Identity Services Engine ( ISE) (versions 1.1 and later) to retrieve the updates for use in
certificate validation. ISE can be configured to retrieve CRLs for the various CA root certificates it uses in
certificate validation.
Prerequisites
Requirements
There are no specific requirements for this document.
Components Used
The information in this document is based on these software and hardware versions:
Cisco Identity Services Engine Release 1.1.2.145
•
Microsoft Windows
®
Server
®
2008 R2
•
The information in this document was created from the devices in a specific lab environment. All of the
devices used in this document started with a cleared (default) configuration. If your network is live, make sure
that you understand the potential impact of any command.
devices used in this document started with a cleared (default) configuration. If your network is live, make sure
that you understand the potential impact of any command.