Cisco Preparative Procedures & Operational User Guide
One CDP CRL is empty in the
peer certificate chain with valid
signature
Any CDP in the peer certificate
chain cannot be downloaded
Certificate has CDP, but the CDP
server is down
Certificate has CDP, server is up,
and CRL is on CDP, but the CRL
has an invalid signature
Table 5 Certificate Revocation Check Mode set to Relaxed without a local static CRL
Without local static CRL
Checking peer certificate chain
Checking CDP in peer certificate
chain
CDP checking for Root CA
certificate of the peer certificate
chain
Any certificate validation failure
in the peer certificate chain
Any certificate revoked in the
peer certificate chain
One CDP is missing the peer
certificate chain
One CDP CRL is empty in the
peer certificate chain with valid
signature
Any CDP in the peer certificate
chain cannot be downloaded
Certificate has CDP, but the CDP
server is down
Certificate has CDP, server is up,
and CRL is on CDP, but the CRL
has an invalid signature
Table 6 Certificate Revocation Check Mode set to Relaxed with a local static CRL
With local static CRL
Checking peer certificate chain
© 2016 Cisco Systems, Inc. All rights reserved.
Connection succeeds
Connection succeeds
Connection succeeds
Connection succeeds
LDAP Connection
Full certificate chain
Full certificate chain
Yes
Connection fails with syslog
message
Connection fails with syslog
message
Connection succeeds
Connection succeeds
Connection succeeds
Connection succeeds
Connection succeeds
LDAP Connection
Full certificate chain
Connection succeeds
Connection succeeds
Connection succeeds
Connection succeeds
IPSec Connection
Full certificate chain
Full certificate chain
Not applicable
Connection fails with syslog
message
Connection fails with syslog
message
Connection succeeds
Connection succeeds
Connection succeeds
Connection succeeds
Connection succeeds
IPSec Connection
Full certificate chain