cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Wolfgang
Silver

problem with CRL distribution point address

Dear Checkmates,

we had a problem with the CRL distribution path after migration of a SMS.
We moved SMS from old one to a new machine and changed the hostname and IP-address.

This process was successful, but now we got some problems with VPN between gateways.
The root cause of the VPN problems is a false path in the CRL distribution list point address.Looking in the details of the certificates, there is defined the old path "URL=http://old-SMS.domainname.com:18264/ICA_CRL0.crl"
Every certificate for gateways will be issued with this path, pointing to the name of the old SMS.

Is there a way to change this path without recreating the internal_CA?

As a workaround we added the DNS name for the old SMS to the gateways hosts file and everything is fine, but we want to solve it basically.

Thanks

Wolfgang

0 Kudos
1 Reply
Admin
Admin

Re: problem with CRL distribution point address

Pretty sure the only way to change the CRL address is to regenerate the ICA. 

0 Kudos