This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

NAC: flexible configuration of Trusted Root Certificates with LDAP-CRL or HTTP-CRL

NAC: flexible configuration of Trusted Root Certificates with LDAP-CRL or HTTP-CRL

Volker_Kull
Contributor

‎11-11-2020 07:27 AM

Today several different Trusted Root Certificates can be used in NAC (Control). With using of CRLs there are some restrictions limiting the use of certificates:

  • only HTTP-CRLs are supported - default Active-Directory CRL is via LDAP
  • if one of the PKIs behind a root certificate does not support CRL you have to disable CRL checking for all certificates

What we need:

  • flexible configuration of certificate path (PKI, protocol, CRL) individually for every single certificate
  • adding LDAP CRL checking function

br

Volker

0 Kudos
1 REPLY 1

AlexN
Extreme Employee

‎04-01-2021 12:23 PM

Volker,

Ability to configure and enable distinct CRLs for different CAs is submitted to engineering, CR ID XMC-3412. If all goes well, we will see it delivered in July/Aug XIQ-SE release.
LDAP CRL will not be implemented, as in your use-case with AD it takes one click on MSFT side to enable CRL publishing on web server.

 

BR,

Alex Nonikov

Best regards/Un saludo
Alex
0 Kudos
li.common.scroll-to.top
GTM-P2G8KFN