NAC: flexible configuration of Trusted Root Certificates with LDAP-CRL or HTTP-CRL

Volker_Kull — Wed, 11 Nov 2020 15:27:00 GMT

Today several different Trusted Root Certificates can be used in NAC (Control). With using of CRLs there are some restrictions limiting the use of certificates:

only HTTP-CRLs are supported - default Active-Directory CRL is via LDAP
if one of the PKIs behind a root certificate does not support CRL you have to disable CRL checking for all certificates

What we need:

flexible configuration of certificate path (PKI, protocol, CRL) individually for every single certificate
adding LDAP CRL checking function

Volker

RE: NAC: flexible configuration of Trusted Root Certificates with LDAP-CRL or HTTP-CRL

AlexN — Thu, 01 Apr 2021 19:23:00 GMT

Volker,

Ability to configure and enable distinct CRLs for different CAs is submitted to engineering, CR ID XMC-3412. If all goes well, we will see it delivered in July/Aug XIQ-SE release.
LDAP CRL will not be implemented, as in your use-case with AD it takes one click on MSFT side to enable CRL publishing on web server.

BR,

Alex Nonikov

topic NAC: flexible configuration of Trusted Root Certificates with LDAP-CRL or HTTP-CRL in Hero Product Suggestions

NAC: flexible configuration of Trusted Root Certificates with LDAP-CRL or HTTP-CRL

RE: NAC: flexible configuration of Trusted Root Certificates with LDAP-CRL or HTTP-CRL