Thanks for the reply. I have done all that. The problem is that there is no extended information when the CRL cannot be contacted. This is in the sessiondump:
414ca204.session.crldp./Common/Policy_act_crldp_auth_ag_1.result 1 1
414ca204.session.crldp.last.result 1 1
while this is in the APM debug:
modules/Authentication/Crldp/CrldpAuthModule.cpp func: "setCrldpResponseStatus()" line: 796 Msg: Crldp Response Status: Bad HTTP response status and Following rule 'Successful' from item 'CRLDP Auth'
Not sure I would call that successful.