SECURITYVULNS:DOC:17375
Jun 28, 2007

Juniper SBR V 6.0.1 CRL-Checking problem

We tried to set up CRL checking on the SBR v 6.0.1 Steel Belted RADIUS. The URL
socket is located on the RSA Authentication server V 6.7. Radius authentication
via EAP TLS should not work because the SBR got a "CRL Fetch: HTTP socket
connect failure from one of "http://ca.dc.XXX.com:447/XXX-Issuing-CA-v3.crl".

We found this error message in the radius log.

A test with wget should work:

AAA-1:/var/log/radius # wget http://ca.dc.XXX.com:447/XXX-Issuing-CA-v3.crl
--11:06:31-- http://ca.dc.XXX.com:447/XXX-Issuing-CA-v3.crl
=> `XXX-Issuing-CA-v3.crl.2'
Resolving ca.dc.XXX.com... 10.0.5.33
Connecting to ca.dc.XXX.com|10.0.5.33|:447... connected.
HTTP request sent, awaiting response... 200 OK
Length: 356 [application/x-pkcs7-crl]

100%[====================================================================================>] 356 --.--K/s

11:06:31 (24.25 MB/s) - `XXX-Issuing-CA-v3.crl.2' saved [356/356]

I think this is a big problem in the radius server.

kind regards

Udo Sprotte