Hosting Provided By

Juniper SBR V 6.0.1 CRL-Checking problem

From: <USprotte(at)web.de>
Date: Wed Jun 27 2007 - 14:56:29 EDT

We tried to setup crl-checking on den sbr v 6.0.1 Steel Belted RADIUS. The URL socket is located on the RSA Authenticationsever V 6.7. Radius authentication via EAP TLS should not work because the SBR got a "CRL Fetch: HTTP socket connect failure from one of "http://ca.dc.XXX.com:447/XXX-Issuing-CA-v3.crl".

We found this error message in the radius log.

A test with wget should be work:

AAA-1:/var/log/radius # wget
http://ca.dc.XXX.com:447/XXX-Issuing-CA-v3.crl --11:06:31-- http://ca.dc.XXX.com:447/XXX-Issuing-CA-v3.crl
=> `XXX-Issuing-CA-v3.crl.2'

Resolving ca.dc.XXX.com... 10.0.5.33
Connecting to ca.dc.XXX.com|10.0.5.33|:447... connected. HTTP request sent, awaiting response... 200 OK Length: 356 [application/x-pkcs7-crl]

100%[===================================================================
=================>] 356           --.--K/s

11:06:31 (24.25 MB/s) - `XXX-Issuing-CA-v3.crl.2' saved [356/356]

I think this is a big problem in the radius server.

-- 
kind regards

Udo Sprotte

Received on Wed Jun 27 15:44:04 2007

This message: [ Message body ]
Next message: Henri Lindberg - Louhi Networks Oy: "CheckPoint VPN-1 UTM Edge Cross Site Request Forgery vulnerability"
Previous message: john-lindsay(at)ngssoftware.com: "Contact request - nVidia"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Jun 27 2007 - 15:50:01 EDT