[Openswan Users] ocsp & openswan
david2005.p at gmail.com
Tue Jun 14 18:30:14 CEST 2005
yes I have done it on both ends of the VPN.
the check to the ocsp server should be automatic ?
2005/6/14, Andreas Steffen <andreas.steffen at strongsec.net>:
> Hi David,
> have you started the OCSP fetching thread by setting
> config setup
> crlcheckinterval=600 # check every 10 minutes
> in ipsec.conf ?
> david wrote:
> > hi all,
> > I am trying to use the OCSP protocol to check the validity of my certificates.
> > So I have downloaded the libcurl-devel package providing curl headers,
> > I have set USE_LIBCURL to true and HAVE_THREAD to true.
> > And when my CA sign a certificate it adds the following extension on
> > the certificates:
> > Authority Information Access :
> > OCSP - URI:http://184.108.40.206
> > this is the address where my OCSP server is running.
> > So when I manually ask for the validity of a certificate to the OCSP
> > server , it responds correctly.
> > But, when I try manually to establish A VPN with the certificates the
> > ocsp server is not asked.
> > is it normal?
> > is there an ocsp client in pluto or not ?
> > does this check can only be done by a web browser ?
> > david
> > _______________________________________________
> > Users mailing list
> > Users at openswan.org
> > http://lists.openswan.org/mailman/listinfo/users
> Andreas Steffen e-mail: andreas.steffen at strongsec.com
> strongSec GmbH home: http://www.strongsec.com
> Alter Zürichweg 20 phone: +41 1 730 80 64
> CH-8952 Schlieren (Switzerland) fax: +41 1 730 80 65
> ==========================================[strong internet security]===
More information about the Users