Arild
Level 7

Frequent CRL downloads

A few days ago we received an email from a commercial Certificate Authority.

They had observed about 10.000 CRL downloads last week from an address belonging to an MWG we have installed for one of our customers, and "threatened" to blacklist our IP address.

The number of CRL downloads surprised us, since the MWG is scheduled to download CRLs only once a day.

The policies are set up to only allow HTTPS access to sites with certificates from CAs the MWG trusts, and not to allow access to sites whose certificates are proven revoked.

To verify if a certificate has been revoked, the MWG must read the CRL from the issuer, that's for sure.

But we expected it to read it from its local copy, from the scheduled download.

Or, at least, if it downloads it because of a client's request to an HTTPS site, that it cached it and used the cached copy for a period afterwards.

With over 10.000 CRL downloads in a week from 1 CA, it doesn't look like it uses a local copy a lot to me ....

Has anyone had similar experiences, or an explanation for this behavior?

Should it be this way?

Message was edited by: Arild on 6/17/10 12:17:54 PM CDT

Message was edited by: Arild on 6/18/10 3:28:11 AM CDT
5 Replies
McAfee Employee

Re: Frequent CRL downloads

Hey Arild,

Which version is the customer currently running?

~jon

Arild
Level 7

Re: Frequent CRL downloads

Hi Jon,

The MWG is v.6.8.6, running on Linux.

McAfee Employee

Re: Frequent CRL downloads

That sounds strange... haven't seen anything like that in support (on 6.8.6). What's their CRL update interval set to? That is set under Configuration > Update Manager > CRL's, the default is 24 hours.

I would wonder if any disk space issues exist causing repeated downloads... just a thought.

Also... you can check the update.log, and this would show you how many updates have taken place.

~jon

Message was edited by: Jon Scholten on 6/18/10 7:13:01 PM CDT

on 6/18/10 7:24:14 PM CDT
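Added example (not part of the original thread, and not McAfee code): one way to cross-check a download count like the one the CA reported is to count CRL fetches per client per day in a log you control and compare them with the 24-hour schedule. It assumes an egress or upstream proxy log in Common Log Format, which is not the format of the MWG update.log; the sample lines, addresses, host name and the `slack` parameter are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Common Log Format: host ident user [time] "METHOD url PROTO" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')

def crl_fetches_per_day(lines):
    """Count full .crl downloads per (client, url, date)."""
    counts = Counter()
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a CLF line, ignore
        host, ts, method, url, status = m.groups()
        path = url.split("?", 1)[0].lower()
        # Only a 200 is a full download; a 304 means the client revalidated its copy.
        if method != "GET" or not path.endswith(".crl") or status != "200":
            continue
        day = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").date()
        counts[(host, url, day)] += 1
    return counts

def over_schedule(counts, interval_hours=24, slack=2):
    """Return the buckets with more downloads than the update schedule explains.

    slack (an assumption) allows for restarts and manual updates.
    """
    allowed = max(1, 24 // interval_hours) + slack
    return {key: n for key, n in counts.items() if n > allowed}

# Constructed sample log lines (documentation addresses, made-up host name).
CRL_URL = "http://crl.example.test/ca.crl"
SAMPLE = [
    f'192.0.2.10 - - [17/Jun/2010:10:{m:02d}:00 +0200] "GET {CRL_URL} HTTP/1.1" 200 48211'
    for m in range(5)
] + [
    f'192.0.2.10 - - [18/Jun/2010:03:00:00 +0200] "GET {CRL_URL} HTTP/1.1" 200 48211',
    f'192.0.2.20 - - [17/Jun/2010:03:00:00 +0200] "GET {CRL_URL} HTTP/1.1" 200 48211',
    f'192.0.2.20 - - [17/Jun/2010:09:00:00 +0200] "GET {CRL_URL} HTTP/1.1" 304 0',
    '192.0.2.20 - - [17/Jun/2010:09:01:00 +0200] "GET http://www.example.test/ HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for (host, url, day), n in sorted(over_schedule(crl_fetches_per_day(SAMPLE)).items()):
        print(f"{day} {host} fetched {url} {n} times")
```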
schecka
Level 9

Re: Frequent CRL downloads

I think I have seen this recently. Check your errors.log for repeating messages about an automatic CRL addition.

If you have these messages, please open a ticket with support. I believe there might be a fix for that.

Arild
Level 7

Re: Frequent CRL downloads

The CRL update interval is (as I mentioned in my opening post) once a day (24 hours).

I've just started vacation, but have asked my colleagues to follow this thread.

Hopefully they will answer if you have any further questions.

Thanks & Regards,

Arild
