Cisco Cisco ACE Application Control Engine Module
19
Release Note for the Cisco Application Control Engine Module
OL-22471-01
New Software Features in Version A2(2.0)
Displaying Detailed CRL-Downloading Statistics
To display the detailed statistics for the downloading of a CRL including failure counters, use the show
crypto crl name detail command.
crypto crl name detail command.
describes the fields displayed by this command.
Table 5
Field Descriptions for the show crypto crl crl_name detail Command
Field
Description
URL
URL where the ACE downloads the CRL.
Last Downloaded
Last time the ACE downloaded the CRL. If the CRL is configured on an
SSL-proxy service on a policy map that is not active or the service is not
associated with a policy map, the field displays the “not downloaded yet”
message.
SSL-proxy service on a policy map that is not active or the service is not
associated with a policy map, the field displays the “not downloaded yet”
message.
Total Number of
Download Attempts
Download Attempts
Number of times the ACE attempted to download the CRL.
Failed Download
Attempts
Attempts
Numbers of times that the ACE failed to download the CRL.
Successful Loads
Number of times that the ACE successfully loaded the CRL.
Failed Loads
Number of times that the ACE could not load the CRL because of a failure.
Hours since Last Load
Number of hours that elapsed since the ACE last successfully downloaded
the CRL. If no successful download has occurred, this field displays NA,
not applicable.
the CRL. If no successful download has occurred, this field displays NA,
not applicable.
No IP Addr Resolutions
Number of times the DNS resolution for the server host address of CRL the
failed.
failed.
Host Timeouts
Number of download retries to the CRL that had timed out.
Next Update Invalid
Number of times that the next update field of the CRL was invalid.
Next Update Expired
Number of times that the next update field of the CRL was expired.
Bad Signature
Number of times that the signature mismatch for the CRL was detected,
with respect to the CA certificate configured for signature verification of
the CRL.
with respect to the CA certificate configured for signature verification of
the CRL.
CRL Found-Failed to
load
load
Number of times that the ACE could not load the CRL because of the
maximum size limitation of 10MB on ACE or the formatting of the CRL
was not recognized. The ACE recognizes only DER and PEM encoded
CRLs.
maximum size limitation of 10MB on ACE or the formatting of the CRL
was not recognized. The ACE recognizes only DER and PEM encoded
CRLs.
File Not Found
Number of times that the server responded that the CRL file was not found
at the server.
at the server.
Memory Outage failures
Number of times that the ACE failed to download the CRL because it
temporarily could not provide memory to store the CRL data.
temporarily could not provide memory to store the CRL data.
Cache Limit failures
Number of times that the ACE could not load the CRL because the CRL
cache was exhausted.
cache was exhausted.
Conn Failures
Number of times that the ACE failed to download the CRL because it could
not establish a connection with the server or no server entity was listening
on the destination system.
not establish a connection with the server or no server entity was listening
on the destination system.
Internal Failures
Number of internal failures in the ACE that hampered downloading the
CRL, for example, internal communication failures between components
responsible for the downloading the CRL.
CRL, for example, internal communication failures between components
responsible for the downloading the CRL.