[Openswan Users] crlDistributionPoints

Paul Wouters paul at xelerance.com
Mon Jun 6 18:13:56 CEST 2005

On Mon, 6 Jun 2005, david p wrote:

> 1) So when I establish a VPN from a userA to userB only the userB
> connect itself to my Apache server to download a CRL to check the
> userA certificate. However the 2 certificates (userA and userB) have
> the distribution point set :
> X509v3 extensions:
> X509v3 CRL Distribution Points:
> URI:
> Why only one of the two try to connect thge Apache server ? why the userB ?

It might be a timing issue. Did you set strictcrlpolicy=yes ?


More information about the Users mailing list