Arild
Level 7
Message 1 of 6

Frequent CRL downloads

A few days ago we received an email from a commercial Certificate Authority.

They had observed about 10.000 CRL downloads last week from an address belonging to a MWG we have installed for one of our customers, and "threatened" to blacklist our IP-address.

The number of CRL downloads surprised us, since the MWG is scheduled to download CRLs only once a day.

The policies are set up to only allow HTTPS access to sites with certificates from CAs the MWG trusts, and not to allow access to sites whose certificates are proven revoked.

To verify if a certificate has been revoked, the MWG must read the CRL from the issuer, that's for sure.

But we expected it to read it from its local copy, from the scheduled download.

Or, at least, if it downloads it because of a client's request to an HTTPS site, that it cached it and used the cached copy for a period afterwards.

With over 10.000 CRL downloads in a week from 1 CA, it doesn't look like it uses a local copy a lot to me ....

Anyone who had similar experiences, or an explanation to this behavior?

Should it be this way?

Message was edited by: Arild on 6/17/10 12:17:54 PM CDT

Message was edited by: Arild on 6/18/10 3:28:11 AM CDT
5 Replies
McAfee Employee jscholte
Message 2 of 6

Re: Frequent CRL downloads

Hey Arild,

Which version is the customer currently running?

~jon

Arild
Level 7
Message 3 of 6

Re: Frequent CRL downloads

Hi Jon,

The MWG is v.6.8.6, running on Linux.

McAfee Employee jscholte
Message 4 of 6

Re: Frequent CRL downloads

That sounds strange... haven't seen anything like that in support (on 6.8.6). What's their CRL update interval set to? That is set under Configuration > Update Manager > CRL's, the default is 24 hours.

I would wonder if any disk space issues exist causing repeated downloads... just a thought.

Also... you can check the update.log, and this would show you how many updates have taken place.

~jon

Message was edited by: Jon Scholten on 6/18/10 7:13:01 PM CDT

on 6/18/10 7:24:14 PM CDT

Re: Frequent CRL downloads

I think I have seen this recently. Check your errors.log for repeating messages about an automatic CRL addition.

If you have these messages, please open a ticket with support. I believe there might be a fix for that.

Arild
Level 7
Message 6 of 6

Re: Frequent CRL downloads

The CRL update interval is (as I mentioned in my opening post) once a day (24 hours).

I've just started vacation, but have asked my colleagues to follow this thread.

Hopefully they will answer if you have any further questions.

Thanks & Regards,

Arild
