[Openswan Users] ocsp & openswan
Andreas Steffen
andreas.steffen at strongsec.net
Tue Jun 14 18:12:21 CEST 2005
Hi David,
have you started the OCSP fetching thread by setting
config setup
crlcheckinterval=600 # check every 10 minutes
in ipsec.conf ?
Regards
Andreas
david wrote:
> hi all,
>
> I am trying to use the OCSP protocol to check the validity of my certificates.
> So I have downloaded the libcurl-devel package providing curl headers,
> I have set USE_LIBCURL to true and HAVE_THREAD to true.
>
> And when my CA sign a certificate it adds the following extension on
> the certificates:
> Authority Information Access :
> OCSP - URI:http://195.212.109.202
>
> this is the address where my OCSP server is running.
>
> So when I manually ask for the validity of a certificate to the OCSP
> server , it responds correctly.
>
> But, when I try manually to establish A VPN with the certificates the
> ocsp server is not asked.
>
> is it normal?
> is there an ocsp client in pluto or not ?
> does this check can only be done by a web browser ?
>
> david
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
--
=======================================================================
Andreas Steffen e-mail: andreas.steffen at strongsec.com
strongSec GmbH home: http://www.strongsec.com
Alter Zürichweg 20 phone: +41 1 730 80 64
CH-8952 Schlieren (Switzerland) fax: +41 1 730 80 65
==========================================[strong internet security]===
More information about the Users
mailing list